JP5783022B2 - Authentication program, authentication apparatus, and authentication method - Google Patents

Description

  The present invention relates to an authentication program, an authentication device, and an authentication method for performing authentication.

  In various scenes, authentication is performed to confirm validity. For example, when a Web service is accessed by a PC (Personal computer), authentication using an ID / password is performed. Further, for example, when a single PC is used by a plurality of users, an individual is specified by user authentication when using an application such as a scheduler.

  A technique is known in which authentication is performed by determining a match between a plurality of images selected by touching from among a plurality of displayed candidate images and a plurality of correct images registered in advance. In addition, a technique is known in which predetermined portions of a plurality of display images including a dummy image are sequentially specified, and specification information for the display image excluding the dummy images is input as an authentication password. Further, a technique for updating a display image such as page turning based on a contact position or a moving direction of a finger touching a display unit is known.

JP 2010-170170 A WO2003 / 079204 JP 2000-163193 A

  In order to prevent fraud such as impersonation, IDs and passwords input at the time of authentication often use a long and complex character string depending on the security level. Therefore, the user has to remember long and complicated IDs and passwords for authentication, and input those character strings every time authentication is performed.

  The technique for selecting and authenticating a plurality of images from a large number of images displayed on the screen described above performs authentication using images that are easy for the user to remember intuitively compared to character strings. However, in order to obtain a certain level of security with this technology, it is necessary to increase the number of images to be selected, increase the number of dummy images to be displayed, and randomly change the display position of the images each time authentication is performed. It is not easy for users to authenticate.

  In one aspect, an object of the present invention is to provide a technique that enables an easier authentication for a user by using an image that is intuitively likely to remain in memory.

In one aspect, the disclosed program causes a computer to function as follows. That is, the program is an image obtained by displaying a base image on a display device on a computer on which the program is installed and executed, accepting selection of the displayed base image, and dividing the base image into a plurality of parts, the combination of a plurality of decorative images a part of which is changed each divided image, displayed on the display device, accept each selection of the displayed plurality of decoration image, and received, the base image and the plurality of decoration images However, when the combination information of the base image and the decoration image is registered in the storage unit to be registered, a process for determining that the authentication is successful is executed.

  In one aspect, it is possible to perform authentication easier for the user using an image that is intuitively likely to remain in memory.

It is a figure which shows the structural example of the authentication apparatus by this Embodiment. It is a figure which shows the hardware structural example of the computer which implement | achieves the authentication apparatus by this Embodiment. It is a figure which shows the example of the base image by this Embodiment. It is a figure which shows the example of the base image management data by this Embodiment. It is a figure explaining the decoration image by this Embodiment. It is a figure which shows the example of the decoration image by this Embodiment. It is a figure which shows the example of the decoration image management data by this Embodiment. It is a figure which shows the example of the registration data by this Embodiment. It is a figure which shows the example of an authentication information input screen. It is a figure explaining the example of the authentication using the image by this Embodiment. It is a figure explaining the example of the authentication using the image by this Embodiment. It is a figure explaining the example of the authentication using the image by this Embodiment. It is an authentication process flowchart by the authentication apparatus of this Embodiment. It is a figure which shows the example of an authentication / registration selection screen. It is a registration process flowchart by the authentication apparatus of this Embodiment. It is a registration process flowchart by the authentication apparatus of this Embodiment. It is a registration process flowchart by the authentication apparatus of this Embodiment. It is a registration process flowchart by the authentication apparatus of this Embodiment.

  Hereinafter, the present embodiment will be described with reference to the drawings. In the following description, an example is mainly used in which authentication using an image according to the present embodiment is used to automatically input authentication information input at the time of login of a Web service or the like. Here, the web service is a service provided on the web such as online shopping and SNS (Social Network Service).

  FIG. 1 is a diagram illustrating a configuration example of an authentication apparatus according to the present embodiment.

  An authentication apparatus 10 shown in FIG. 1 performs user authentication using an image according to the present embodiment. The authentication device 10 includes a detection unit 11, a display unit 12, an operation reception unit 13, a determination unit 14, an output unit 15, a registration unit 16, a base image storage unit 200, a decorative image storage unit 210, a base image management information storage unit 220, A decoration image management information storage unit 230 and a registration information storage unit 240 are provided. In addition, the computer that implements the authentication device 10 illustrated in FIG. 1 includes a touch panel 30 that serves as both a display device and an input device.

  The base image storage unit 200 is a storage unit that stores a plurality of base images used for authentication according to the present embodiment. The base image is an image selected by the user as a basic image in the authentication according to the present embodiment.

  The decoration image storage unit 210 is a storage unit that stores a plurality of decoration images used for authentication according to the present embodiment. The decoration image is an image that decorates the base image. For example, the decoration image is an image in which an additional element is added to the base image, such as an image in which an item is added to the base image or an image in which a pattern or color of a part of the base image is changed.

  The base image management information storage unit 220 is a storage unit that stores management information of the base image stored in the base image storage unit 200. The decoration image management information storage unit 230 is a storage unit that stores management information of decoration images stored in the decoration image storage unit 210.

  The registration information storage unit 240 is a storage unit in which information on a combination of a base image and a decoration image is registered. For example, the user registers in advance in the registration information storage unit 240 information about a combination of a base image and a decoration image that the user uses for authentication. Further, in the registration information storage unit 240 of the present embodiment, authentication information output upon successful authentication according to the present embodiment is associated with a combination of a base image and a decoration image.

  The detection unit 11 automatically detects that the authentication information input area is displayed on the touch panel 30. The authentication information input area is, for example, an input field for authentication information such as an ID and password required when logging in to the Web service. In the example of this embodiment, it is assumed that authentication according to this embodiment is executed when an input area for authentication information is displayed on the touch panel 30.

  The display unit 12 controls image display on the touch panel 30. The display unit 12 includes a base image display unit 121 and a decoration image display unit 122. The operation receiving unit 13 receives a user operation on the touch panel 30. The operation reception unit 13 includes a base image selection reception unit 131 and a decoration image selection reception unit 132.

  The base image display unit 121 displays the base image stored in the base image storage unit 200 on the touch panel 30 at the time of authentication. The base image selection accepting unit 131 accepts selection of a base image to be authenticated by a user operation during authentication.

  At the time of authentication, the decoration image display unit 122 displays, on the touch panel 30, a decoration image that is stored in the decoration image storage unit 210 and decorates the base image to be authenticated. At this time, in the example of the present embodiment, the decoration image display unit 122 displays the decoration image at a predetermined position in the area where the base image to be authenticated is displayed. Here, the display position of each decoration image with respect to the base image is determined. The decoration image selection accepting unit 132 accepts selection of a decoration image to be authenticated by a user operation during authentication.

  The determination unit 14 determines that the authentication is successful when the combination of the base image to be authenticated and the decoration image to be authenticated selected by the user operation is registered in the registration information storage unit 240.

  When it is determined that the authentication is successful, the output unit 15 includes a base image to be authenticated and a decoration image to be authenticated selected by the user operation in the registration information storage unit 240 in the input area of the detected authentication information. The authentication information associated with the combination is output.

  Alternatively, a process of newly registering a combination of a base image and a decoration image in the registration information storage unit 240 may be executed when the input area for authentication information is displayed on the touch panel 30.

  At the time of registration, the base image display unit 121 displays, on the touch panel 30, a base image whose registration number in the registration information storage unit 240 is equal to or less than a predetermined number among the base images stored in the base image storage unit 200. At the time of registration, the base image selection receiving unit 131 receives selection of a base image of a combination to be newly registered by a user operation.

  At the time of registration, the decoration image display unit 122 displays, on the touch panel 30, a decoration image that decorates a newly registered combination base image with a decoration image stored in the decoration image storage unit 210. At this time, similarly to the base image, a decoration image in which the number registered in the registration information storage unit 240 is a predetermined number or less may be displayed. At the time of registration, the decoration image selection receiving unit 132 receives selection of a combination image to be newly registered by a user operation.

  The registration unit 16 registers, in the registration information storage unit 240, a combination of a base image that is newly registered and a decoration image that is newly registered, which is selected by a user operation.

  FIG. 2 is a diagram illustrating a hardware configuration example of a computer that realizes the authentication apparatus according to the present embodiment.

  A computer 1 that realizes the authentication device 10 according to the present embodiment shown in FIG. 1 includes, for example, a CPU (Central Processing Unit) 2, a memory 3 as a main memory 3, a storage device 4, a communication device 5, and a medium reading / writing device. 6, input device 7, output device 8 and the like. The storage device 4 is an external storage device such as an HDD (Hard Disk Drive) or an auxiliary storage device. The medium reading / writing device 6 is, for example, a CD-R (Compact Disc Recordable) drive or a DVD-R (Digital Versatile Disc Recordable) drive. The input device 7 is, for example, a keyboard / mouse. The output device 8 is a display device such as a display, for example. The touch panel 30 shown in FIG. 1 is a device that serves as both the input device 7 and the output device 8.

  The authentication device 10 and each functional unit included in the authentication device 10 illustrated in FIG. 1 can be realized by hardware such as the CPU 2 and the memory 3 included in the computer 1 and a software program. A program that can be executed by the computer 1 is stored in the storage device 4, read into the memory 3 at the time of execution, and executed by the CPU 2.

  The computer 1 can also read a program directly from a portable recording medium and execute processing according to the program. The computer 1 can also sequentially execute processing according to the received program every time the program is transferred from the server computer. Further, this program can be recorded on a recording medium readable by the computer 1.

  FIG. 3 is a diagram illustrating an example of a base image according to the present embodiment.

  The base images shown in FIGS. 3A to 3E are examples of base images stored in the base image storage unit 200. FIG. In FIG. 3, an alphanumeric character string described below each base image is a base image ID for identifying each base image. Although FIG. 3 shows an example in which the base image is an illustration, the base image may be a photograph.

  FIG. 4 is a diagram illustrating an example of the base image management data according to the present embodiment.

  The base image management data 225 illustrated in FIG. 4 is an example of base image management information stored in the base image management information storage unit 220. In the base image management data 225 shown in FIG. 4, the base images shown in FIGS. 3A to 3E are managed.

  The base image management data 225 shown in FIG. 4 has base image ID, base image data, and information on the number of usable / usable numbers. The base image ID is identification information that uniquely identifies the base image. The base image data indicates the file name of the base image data of the record. The number of uses indicates the number of combinations using the base image of the record currently registered in the registration information storage unit 240. The usable number indicates the upper limit of the number of combinations using the base image of the record that can be registered in the registration information storage unit 240.

  FIG. 5 is a diagram for explaining a decoration image according to the present embodiment.

  FIG. 5 shows an example of a decoration image that decorates the base image with the base image ID “A001” shown in FIG. Here, it is assumed that the base image is divided into five areas as shown in FIG. 5 and decoration is performed with a decoration image, one for each area. In FIG. 5, #a to #e indicate positions where the base image is decorated with the decoration image.

  FIG. 6 is a diagram illustrating an example of a decoration image according to the present embodiment.

  The decoration images shown in FIGS. 6A to 6E are examples of decoration images stored in the decoration image storage unit 210. In FIG. 6, an alphanumeric character string described on the left of each decoration image is a decoration image ID for identifying each decoration image. In FIG. 6, #a to #e indicate positions where the base image described in FIG. 5 is decorated with a decoration image.

  FIG. 6A shows an example of a decoration image that decorates the base image with the base image ID “A001” shown in FIG. FIG. 6B illustrates an example of a decoration image that decorates the base image with the base image ID “A002” illustrated in FIG. FIG. 6C illustrates an example of a decoration image that decorates the base image with the base image ID “A003” illustrated in FIG. FIG. 6D illustrates an example of a decoration image that decorates the base image with the base image ID “A004” illustrated in FIG. FIG. 6E shows an example of a decoration image that decorates the base image with the base image ID “A005” shown in FIG.

  In the example shown in FIG. 6, a decoration image for decorating the base image is prepared for each of the five types of base images. In the example shown in FIG. 6, five types of decorative images are prepared for each of the regions divided into five base images.

  FIG. 7 is a diagram illustrating an example of decoration image management data according to the present embodiment.

  The decoration image management data 235 illustrated in FIG. 7 is an example of decoration image management information stored in the decoration image management information storage unit 230. In the decorative image management data 235 shown in FIG. 7, the decorative images shown in FIGS. 6A to 6E are managed.

  The decoration image management data 235 shown in FIG. 7 has base image ID, decoration position, decoration image ID, decoration image data, and information on the number of used / usable numbers. The base image ID indicates the base image ID of the base image to which the decoration image of the record is to be decorated. The decoration position indicates which position of the base image indicated by the base image ID is the decoration image of the record. The decoration image ID is identification information for uniquely identifying the decoration image. The decoration image data indicates the file name of the decoration image data. The number of uses indicates the number of combinations using the decorative image of the record currently registered in the registration information storage unit 240. The usable number indicates the upper limit of the number of combinations using the decorative image of the record that can be registered in the registration information storage unit 240.

  FIG. 8 is a diagram showing an example of registration data according to the present embodiment.

  The registration data 245 illustrated in FIG. 8 is an example of information on a combination of a base image and a decoration image stored in the registration information storage unit 240. In the registration data 245 shown in FIG. 8, a combination of the base image shown in FIG. 3 and the decoration image shown in FIG. 6 that decorates the base image is registered.

  The registration data 245 shown in FIG. 8 has information of record ID, base image ID, decoration image ID (#a to #e), ID (authentication information), and password (authentication information). The record ID is identification information that uniquely identifies a record of the registration data 245. The base image ID indicates the base image ID of the base image in the combination of records. The decoration image ID (#a to #e) indicates the decoration image ID of the decoration image corresponding to each area of the base image in the record combination. The ID (authentication information) and the password (authentication information) are authentication information that is output to the input area of the target authentication information when the authentication of this embodiment is successful with the combination of records. As described above, in the registration data 245 of the present embodiment, the authentication information output to the authentication information input area is associated with the combination of the base image and the decoration image.

  Below, the authentication using the image by the authentication apparatus 10 of this Embodiment is demonstrated using a specific example.

  In the authentication device 10, the detection unit 11 monitors the display on the touch panel 30 and detects that the authentication information input area is displayed.

  FIG. 9 is a diagram illustrating an example of an authentication information input screen.

  An authentication information input screen 300 shown in FIG. 9 is an example of a screen including an authentication information input area 301 displayed on the touch panel 30 for accessing a Web service. The authentication information input screen 300 shown in FIG. 9 displays an authentication information input area 301 for inputting an ID and a password. The detection unit 11 detects an authentication information input area 301. The technology for detecting the authentication information input area 301 displayed on the screen is already used in existing authentication software.

  When the detection unit 11 detects the authentication information input area 301, as shown in the example of the authentication information input screen 300 in FIG. 9, the detection unit 11 displays an image according to the present embodiment in the vicinity of the detected authentication information input area 301. A touch authentication button 302 that is an execution button of the used authentication process is displayed. In the present embodiment, the user performs authentication by touching and operating the touch panel 30 with a finger. Here, the authentication according to the present embodiment performed by touching the touch panel 30 with a finger and operating the touch panel 30 is referred to as touch authentication.

  The user determines whether the Web service of the authentication information input screen 300 displayed on the touch panel 30 is a Web service in which authentication information has been registered as a touch authentication target. If the Web service on the authentication information input screen 300 displayed on the touch panel 30 is a touch authentication target Web service, the user touches the touch authentication button 302 displayed on the touch panel 30. For a Web service in which authentication information such as an ID and a password is not registered in the registration information storage unit 240 in advance, even if the touch authentication according to the present embodiment is used, appropriate authentication information cannot be automatically output.

  Note that the detection unit 11 may automatically determine whether the Web service on the authentication information input screen 300 displayed on the touch panel 30 is a touch authentication target Web service. The Web service can be identified by information such as the URL of the site. For example, if authentication information such as an ID and a password and Web site identification information are registered in association with each other, the Web service of the authentication information input screen 300 displayed on the touch panel 30 is the target Web service for touch authentication. This can be automatically determined by the detection unit 11.

  10 to 12 are diagrams illustrating an example of authentication using an image according to the present embodiment.

  When the user touches the touch authentication button 302 on the touch panel 30, the display unit 12 displays an authentication screen using an image according to the present embodiment on the touch panel 30. A touch authentication screen 310 illustrated in FIGS. 10 to 12 is an example of an authentication screen using an image according to the present embodiment displayed on the touch panel 30.

  For example, when the touch authentication button 302 on the touch panel 30 is touched by the user, the display unit 12 displays the touch authentication screen 310 illustrated in FIG. At this time, the base image display unit 121 displays the base image on the touch authentication screen 310. On the touch authentication screen 310 shown in FIG. 10A, the base image with the base image ID “A001” shown in FIG. 3A is displayed. For example, the base image display unit 121 randomly determines a base image to be displayed first on the touch authentication screen 310. A dummy image may be prepared in addition to the base image that can be used for authentication, and the dummy image may be displayed interlaced with the base image that can be used for authentication.

  As shown in FIG. 10B, the user slides the base image displayed on the touch authentication screen 310 up and down and displays it on the touch authentication screen 310 by moving the touch panel 30 up and down with a finger. To change the base image. In the operation reception unit 13, a base image selection reception unit 131 receives an operation on a base image by a user. The base image display unit 121 slides and changes the base image displayed on the touch authentication screen 310 in accordance with a user operation on the base image.

  When the base image registered as the authentication combination is displayed on the touch authentication screen 310, the user instructs the selection of the base image to be authenticated by touching the OK button on the touch authentication screen 310 with a finger. . The base image selection receiving unit 131 receives selection of a base image to be authenticated by a user operation. Here, it is assumed that the base image with the base image ID “A001” shown in FIG. 3A is selected as the base image to be authenticated.

  When the base image to be authenticated is selected, the decoration image display unit 122 displays a decoration image corresponding to the base image to be authenticated on the touch authentication screen 310. The decoration image corresponding to the base image to be authenticated can be obtained by referring to the decoration image management data 235 shown in FIG. In the touch authentication screen 310 shown in FIG. 11A, the decoration image IDs “a101” and “b101” shown in FIG. 6A corresponding to the base image with the base image ID “A001” shown in FIG. , “C101”, “d101”, and “e101” are displayed. Each decoration image is displayed at a predetermined decoration position in each region #a, #b, #c, #d, #e of the base image. For example, the decoration image display unit 122 refers to the registration data 245 shown in FIG. 8 and determines a combination decoration image not registered in the registration data 245 as a combination of decoration images to be displayed first.

  As shown in FIG. 11B, the user touches the touch panel 30 with a finger and moves it left and right to slide each decoration image displayed on the touch authentication screen 310 in the horizontal direction to display the touch authentication screen 310. Instructs to change the displayed decoration image. In the operation reception unit 13, a decoration image selection reception unit 132 receives an operation on the decoration image by the user. The decoration image display unit 122 slides and changes the decoration image displayed on the touch authentication screen 310 in response to an operation on the decoration image by the user.

  The user selects the decoration image to be authenticated by touching the OK button on the touch authentication screen 310 with a finger when the combination of the decoration images registered as the authentication combination is displayed on the touch authentication screen 310. Instruct. The decorative image selection receiving unit 132 receives selection of a decorative image to be authenticated by a user operation. Here, as shown in FIG. 12, the decorative images with the decorative image IDs “a101”, “b105”, “c104”, “d102”, and “e101” shown in FIG. It shall be selected.

  When the user touches the cancel button on the touch authentication screen 310, the touch authentication is stopped.

  The determination unit 14 checks whether the combination of the base image to be authenticated and the decorative image to be authenticated selected by the user is registered in the registration information storage unit 240. Here, as shown in FIG. 12, the combination of the base image with the base image ID “A001” and the decorative images with the decorative image IDs “a101”, “b105”, “c104”, “d102”, and “e101”. Is selected by the user. This combination matches the record with the record ID “# 001” of the registration data 245 shown in FIG. At this time, the determination unit 14 determines that the user has succeeded in authentication using the image according to the present embodiment. When the combination selected by the user is not in the registration information storage unit 240, the determination unit 14 determines that the authentication has failed.

  The output unit 15 acquires authentication information associated with the combination selected by the user from the record with the record ID “# 001” of the registration data 245 illustrated in FIG. 8. Here, the ID “aaaaaa” and the password “xxxx” are acquired. The output unit 15 outputs the acquired ID “aaaaaa” and password “xxxx” to the authentication information input area 301 on the authentication information input screen 300 shown in FIG. 9 and logs in to the target Web service.

  FIG. 13 is an authentication processing flowchart by the authentication apparatus of the present embodiment.

  In the authentication device 10, the detection unit 11 detects that the authentication information input area 301 is displayed on the touch panel 30 (step S10). The detection unit 11 displays a touch authentication button 302 in the vicinity of the detected authentication information input area 301 on the touch panel 30 (step S11). The detection unit 11 determines whether the touch authentication button 302 on the touch panel 30 has been touched by the user (step S12).

  When the touch authentication button 302 is not touched (NO in step S12), the authentication device 10 does not perform authentication processing using an image according to the present embodiment. In this case, for example, the user directly inputs authentication information into the authentication information input area 301 without touching the touch authentication button 302 and logs in to the Web service.

  When the touch authentication button 302 is touched (YES in step S12), the base image display unit 121 displays a base image on the touch panel 30 (step S13). The user performs a touch operation such as sliding the base image displayed on the touch panel 30, and performs an operation of selecting the base image in a state where the base image to be authenticated is displayed. The base image selection accepting unit 131 accepts selection of a base image to be authenticated by the user (step S14).

  The decorative image display unit 122 displays a decorative image corresponding to the base image to be authenticated, selected by the user, on the touch panel 30 (step S15). The correspondence between the base image and the decoration image is recorded in the decoration image management data 235 stored in the decoration image management information storage unit 230, for example. The user performs a touch operation such as sliding the decoration image displayed on the touch panel 30, and performs an operation of selecting the decoration image in a state where a combination of decoration images to be authenticated is displayed. The decorative image selection receiving unit 132 receives selection of a decorative image to be authenticated by the user (step S16).

  The determination unit 14 determines whether the combination of the base image to be authenticated and the decoration image selected by the user matches any of the combination of the base image and the decoration image registered in the registration information storage unit 240. (Step S17).

  If the selected combination does not match any of the registered combinations (NO in step S17), the determination unit 14 determines that the authentication has failed, returns to step S13, and authenticates the user again. And a selection of a combination of the decoration image. Here, the user can perform authentication any number of times by changing the selection of the combination of the base image and the decoration image. For example, when increasing the security level of authentication, a limit is set for the number of authentication failures, and when the number of authentication failures exceeds the limit, login control is temporarily disabled. It may be.

  If the selected combination matches any of the registered combinations (YES in step S17), the determination unit 14 determines that the authentication is successful (step S18). At this time, the output unit 15 outputs the authentication information associated with the combination of the base image and the decoration image successfully authenticated in the registration information storage unit 240 to the authentication information input area 301 detected in step S10. Then, login to the target service is executed (step S19).

  As described above, in the authentication using the image of the present embodiment, the user selects a combination of the base image and the decoration image. Since the decorative image is an image that additionally decorates the original base image, the user remembers only one image completed by adding the decorative image to the base image, for example, as shown in FIG. If this is done, authentication can be performed. As a result, it is possible for the user to more easily authenticate using an image that is more intuitively stored in the memory.

  For example, when authentication is performed simply by combining a plurality of images as in the case of authentication using conventional images, it is necessary to remember all of the combined images. For this reason, in order to increase the security level, it is necessary to increase the number of images to be combined, increase the number of images that can be used as a combination option, and it becomes difficult for the user to remember the combination of images. On the other hand, in the authentication using the image of the present embodiment, even if the number of base images and decoration images that are options for increasing the security level is increased, the image that the user remembers is displayed in the base image. Only one image that is completed by adding an image is required.

  In addition, for example, as shown in FIG. 11, each decoration image is displayed at a predetermined position on the area of the base image to be authenticated, and the user can select it, so that the user can easily remember the registered decoration image. . For example, authentication using the image of the present embodiment can be realized by a method of selecting a target image from a large number of randomly arranged images. However, this method makes it difficult for the user to find a target image from a large number of images. In the example shown in FIG. 11, the decoration image that decorates the same position is always displayed at the same position with respect to the base image, so that the user does not need to search for an image that does not know where it is displayed.

  Further, in the example of the present embodiment, when the authentication information input area 301 is detected, authentication using the image according to the present embodiment is performed, and the combination of the base image and the decoration image that have been successfully authenticated is performed. The associated authentication information is automatically output to the authentication information input area 301. In order to prevent fraud such as impersonation, a long and complex character string is often used for authentication information such as ID and password depending on the security level. Further, in a small touch terminal that is becoming widespread, it is very difficult to input a character string such as an ID or a password because the buttons for inputting characters displayed on the screen are small. With the technology of this embodiment, authentication information such as IDs and passwords that are difficult for a user to remember and difficult to enter with a small touch terminal can be realized by authentication using images that are intuitively easy for a user to remember. It becomes.

  Also, for example, authentication information for logging in to a certain Web service α and authentication information for logging in to another Web service β are registered in association with the same combination of the same base image and decoration image, respectively. It is also possible to leave. If authentication is successful with the combination of the base image and the decoration image, the authentication information depends on whether the Web service in the input area 301 of the detected authentication information is the Web service α or the Web service β. The authentication information that is automatically output to the input area 301 is properly used. In this way, it is possible to log in to a plurality of different services by authentication using the same combination of the base image and the decoration image. As described above, there are known techniques for automatically identifying services.

  In recent years, with the increase in Web services, users use different authentication information such as IDs and passwords. When the number of Web services to be used increases, the management of authentication information becomes troublesome for the user, such as writing the ID and password for each Web service in a notepad or writing them on a sticky note and pasting them on a PC. In addition, if memos and the like cannot be managed, authentication information may be inadvertently leaked and fraud such as impersonation may occur. By using a combination of the same base image and decoration image to enable access to a plurality of different services, the user can manage a single base image and a plurality of authentication information without managing a large amount of authentication information. It is possible to access various services just by remembering combinations with decorative images.

  Here, registration of a combination of a base image and a decoration image in the registration information storage unit 240 will be described. The registration of the combination of the base image and the decoration image in the registration information storage unit 240 can be performed at an arbitrary timing using, for example, a registration tool. Similarly to the authentication example described above, the combination of the base image and the decoration image can be registered in the registration information storage unit 240 when the authentication information input area 301 is displayed on the touch panel 30 as a trigger. You may do it.

  For example, when the authentication information input screen 300 shown in FIG. 9 is displayed on the touch panel 30, the detection unit 11 detects the authentication information input area 301. At this time, the detection unit 11 displays a touch authentication button 302 in the vicinity of the input area 301 for the detected authentication information, as shown in FIG. When the user touches the touch authentication button 302 on the touch panel 30, the detection unit 11 causes the user to select whether to perform authentication or to newly register a combination of a base image and a decoration image.

  FIG. 14 is a diagram illustrating an example of the authentication / registration selection screen.

  An authentication / registration selection screen 320 shown in FIG. 14 is an example of a screen displayed on the touch panel 30 that allows the user to select whether to perform authentication or newly register a combination of a base image and a decoration image. . The detection unit 11 displays an authentication / registration selection screen 320 shown in FIG. 14 on the touch panel 30 when the touch authentication button 302 is touched.

  When performing authentication using an image according to the present embodiment, the user touches an authentication button on the authentication / registration selection screen 320 shown in FIG. In this case, for example, a touch authentication screen 310 shown in FIG. 10A is displayed on the touch panel 30, and the above-described authentication processing is performed thereafter. When newly registering a combination of a base image and a decoration image, the user touches a registration button on the authentication / registration selection screen 320 shown in FIG. When neither authentication nor registration is performed, the user touches a cancel button on the authentication / registration selection screen 320 shown in FIG.

  When the registration button is touched by the user, the display unit 12 displays a registration screen of a combination of the base image and the decoration image on the touch panel 30. At this time, the base image display unit 121 displays the base image on the registration screen. An example of the registration screen displayed here is the same as the example of the touch authentication screen 310 at the time of authentication shown in FIG. For example, as in the above-described authentication, the user performs a touch operation on the base image displayed on the touch panel 30 to change the displayed base image or to select a newly registered base image. The base image selection accepting unit 131 accepts selection of a base image of a combination to be newly registered by a user operation.

  In addition, when displaying the base image on the registration screen, only the base images whose registration number in the registration information storage unit 240 is a predetermined number or less may be displayed. For example, the base image management data 225 shown in FIG. 4 records information on the number of used / usable number. The number of uses indicates the current number of registered combinations using the base image in the registration information storage unit 240, and the usable number is a predetermined number that restricts registration of combinations using the same base image in the registration information storage unit 240. Indicates the threshold value.

  If many combinations including the same base image are registered, there is a high possibility that the authentication will succeed even if the user selects a combination different from the combination registered by himself / herself. If authentication is successful with the wrong combination, the user logs in with another person's account. Here, by restricting the number of registered combinations including the same base image, it is possible to prevent the authentication from succeeding by selecting an incorrect combination of the base image and the decoration image for the user who performs the authentication.

  For example, in the base image management data 225 shown in FIG. 4, the base image with the base image ID “A003” has reached the usable number of ten. At this time, the base image display unit 121 excludes the base image with the base image ID “A003” from the options of the base image selected by the user at the time of registration.

  Further, when displaying a base image on the registration screen, a base image with a small number of registrations in the registration information storage unit 240 may be displayed more preferentially. For example, the base image display unit 121 sorts the base image options selected by the user in ascending order of the number of uses in the base image management data 225 shown in FIG. When the base image is displayed on the touch panel 30, the base image display unit 121 first displays the base image with the least number of uses. The base image display unit 121 slides and displays the base images in ascending order according to the slide operation for changing the base image displayed by the user. In this way, by displaying preferentially the base images with a small number of registrations in the registration information storage unit 240, the user can be prompted to select a combination including the base images with a small number of registrations.

  When a newly registered combination base image is selected, the decoration image display unit 122 displays a decoration image corresponding to the newly registered combination base image on the registration screen. An example of the registration screen displayed here is the same as the example of the touch authentication screen 310 at the time of authentication shown in FIG. In addition, when displaying a decoration image for the first time on a registration screen, you may control not to display the combination of the decoration image registered into the registration information storage part 240. FIG.

  For example, as in the above-described authentication, the user performs a touch operation on the decoration image displayed on the touch panel 30 to change the decoration image to be displayed or to select a combination decoration image to be newly registered. The decoration image selection receiving unit 132 receives selection of a combination image to be newly registered by a user operation.

  As in the case of the above-described base image, when displaying a decoration image on the registration screen, only a decoration image whose registration number in the registration information storage unit 240 is a predetermined number or less may be displayed. Similarly to the above-described base image, when displaying a decoration image on the registration screen, a decoration image with a small number of registrations in the registration information storage unit 240 may be displayed with higher priority. Note that when the number of usable base images is set to “1”, there is no need to restrict the use of decorative images.

  When a newly-decorated combination decoration image is selected, the registration unit 16 stores a combination of a newly registered combination base image and a newly registered combination decoration image selected by the user as registration information. Registered in the unit 240. At this time, the registration unit 16 registers authentication information to be output to the authentication information input area 301 upon successful authentication in association with the combination of the base image and the decoration image. For example, the registration unit 16 requests the user to input authentication information, and registers the obtained authentication information in the registration information storage unit 240 in association with the combination of the base image and the decoration image.

  15 to 18 are flowcharts of registration processing by the authentication apparatus according to this embodiment.

  In the authentication device 10, the detection unit 11 detects that the authentication information input area 301 is displayed on the touch panel 30 (step S20). The detection unit 11 displays a touch authentication button 302 in the vicinity of the input area 301 of the detected authentication information on the touch panel 30 (step S21). The detection unit 11 determines whether the touch authentication button 302 on the touch panel 30 has been touched by the user (step S22).

  When the touch authentication button 302 is not touched (NO in step S22), the authentication device 10 does not perform authentication processing using an image according to the present embodiment. In this case, for example, the user directly inputs authentication information into the authentication information input area 301 without touching the touch authentication button 302 and logs in to the Web service.

  When the touch authentication button 302 is touched (YES in step S22), the detection unit 11 displays the authentication / registration selection screen 320 on the touch panel 30 (step S23). The detection unit 11 determines whether authentication or registration has been selected by the user (step S24).

  If the authentication button is touched by the user and authentication is selected (authentication in step S24), the authentication device 10 performs an authentication process. Here, the authentication apparatus 10 proceeds to the process of step S13 in the authentication process flowchart shown in FIG.

  When the registration button is touched by the user and registration is selected (registration in step S24), the authentication apparatus 10 performs a registration process. In the registration process, the base image display unit 121 sequentially selects one base image record in the base image management data 225 shown in FIG. 4 (step S25). The base image display unit 121 determines whether the number of used records of the selected base image is equal to or less than the usable number (step S26).

  If the number of records used in the selected base image is less than or equal to the usable number (YES in step S26), the base image display unit 121 adds the corresponding base image to the options of the base image displayed on the touch panel 30. (Step S27). If the number of records used in the selected base image is not less than or equal to the usable number (NO in step S26), the base image display unit 121 selects the corresponding base image from options of base images to be displayed on the touch panel 30. exclude.

  The base image display unit 121 determines whether or not the number of uses has been confirmed for all the base images managed by the base image management data 225 shown in FIG. 4 (step S28). If the confirmation has not been completed for all the base images (NO in step S28), the base image display unit 121 returns to the process of step S25 and proceeds to the process for the next base image.

  If confirmation has been completed for all the base images (YES in step S28), the base image display unit 121 sorts the selected base images in ascending order of use (step S29).

  The base image display unit 121 displays option base images on the touch panel 30 in the order of decreasing usage (step S30). The user performs an operation on the base image displayed on the touch panel 30. The base image selection receiving unit 131 determines whether the currently displayed base image is selected by the user's operation (step S31). When the currently displayed base image is not selected (NO in step S31) and the user performs a slide operation on the base image, the base image display unit 121 returns to the process of step S30 and continues to the next. The base image of is displayed.

  When the currently displayed base image is selected (YES in step S31), the base image selection accepting unit 131 combines the current base image selected by the user's operation with a newly registered base image. (Step S32).

  The decoration image display unit 122 sequentially selects one decoration position of the decoration image with respect to the base image (step S33).

  The decoration image display unit 122 sequentially selects one decoration image record at the selected decoration position in the determined base image in the decoration image management data 235 shown in FIG. 7 (step S34). The decoration image display unit 122 determines whether or not the number of records used in the selected decoration image is less than or equal to the usable number (step S35).

  If the number of used decoration image records is less than or equal to the usable number (YES in step S35), the decoration image display unit 122 adds the corresponding decoration image to the selection of decoration images to be displayed at the corresponding decoration position. (Step S36). If the number of used decoration image records is not less than the usable number (NO in step S35), the decoration image display unit 122 selects the decoration image to display the corresponding decoration image at the corresponding decoration position. Exclude from

  The decoration image display unit 122 determines whether or not the confirmation of the number of uses has been completed for all the decoration images at the corresponding display position of the corresponding base image managed by the decoration image management data 235 shown in FIG. 7 (step S37). . If the confirmation has not been completed for all the decoration images (NO in step S37), the decoration image display unit 122 returns to the process in step S34 and proceeds to the process for the next decoration image.

  If the confirmation has been completed for all the decoration images (YES in step S37), the decoration image display unit 122 sorts the decoration images of options at the decoration position in ascending order of use (step S38). The decoration image display unit 122 determines whether the processing has been completed for all decoration positions (step S39). If the process has not been completed for all the decoration positions (NO in step S39), the decoration image display unit 122 returns to the process in step S33 and proceeds to the process for the next decoration position.

  If the processing has been completed for all decoration positions (YES in step S39), the decoration image display unit 122 selects one combination of decoration images corresponding to the newly registered combination base image (step S40). . Here, it is assumed that the decoration image of the option is selected in ascending order of use for each decoration position, and a combination of the decoration images is generated. The decoration image display unit 122 refers to the registration information storage unit 240 and determines whether the combination of the selected decoration image is a registered combination (step S41). If it is a registered combination (YES in step S41), the decoration image display unit 122 returns to the process in step S40 and selects another combination of decoration images. If it is not a registered combination (NO in step S41), the decoration image display unit 122 displays the selected combination of decoration images on the touch panel 30 (step S42).

  The user performs an operation on the decoration image displayed on the touch panel 30. The decoration image selection receiving unit 132 determines whether the decoration image currently displayed is selected by the user's operation (step S43). When the decoration image currently displayed is not selected (NO in step S43) and the decoration image slide operation is performed by the user, the decoration image display unit 122 displays the decoration image specified by the user's operation. Is changed by sliding (step S44). Here, it is assumed that decorative images of options are displayed in a slide order in ascending order of use at the corresponding decorative position. The decoration image selection receiving unit 132 returns to the process of step S43 and receives the next user operation.

  When the currently displayed decoration image is selected (YES in step S43), the decoration image selection receiving unit 132 determines that the combination of the currently displayed decoration image is a combination registered in the registration information storage unit 240. (Step S45). If it is a registered combination (YES in step S45), the decorative image selection receiving unit 132 returns to the process in step S43 and receives the operation of the next user. At this time, the user is prompted to select another combination of decorative images.

  If it is not a registered combination (NO in step S45), the decoration image selection receiving unit 132 determines the current decoration image selected by the user's operation as a decoration image to be newly registered (step S46). ). The registration unit 16 registers, in the registration information storage unit 240, a combination of the base image to be newly registered and the decoration image selected by the user (step S47). At this time, the registration unit 16 increments the number of base image and decoration image records to be newly registered in the base image management data 225 and the decoration image management data 235. The registration unit 16 acquires authentication information to be output to the authentication information input area 301, and registers the acquired authentication information in the registration information storage unit 240 in association with a combination of a newly registered base image and decoration image. (Step S48).

  Although the present embodiment has been described above, the present invention can naturally be modified in various ways within the scope of the gist thereof.

  For example, in the present embodiment, an example of performing authentication using an image according to the present embodiment for user authentication for automatically inputting authentication information that is actually input at the time of logging in to a Web service has been shown. It is not limited to. For example, the authentication itself when logging in to the Web service may be authentication using an image according to the present embodiment.

  At this time, since the security level can be increased by increasing the choices of the base image and the decoration image, the authentication using the image according to the present embodiment can be used for authentication of a financial institution or the like. In the authentication using the image according to the present embodiment, even if the options of the base image and the decoration image are increased, the user only has to remember one image completed by decorating the base image with the decoration image. In general, authentication using a personal identification number or the like can avoid a number such as a birthday or a telephone number that is easy to remember but leaks as the personal identification number. In the authentication using the image according to the present embodiment, the user does not need to memorize a complicated password that is difficult to remember, and only has to remember one image that is easy to remember intuitively.

  In this embodiment, an example of performing authentication using an image according to this embodiment in user authentication when using a service on the Web has been described, but the present invention is not limited to this. For example, in a PC shared by a plurality of users such as family members, user authentication using an image according to this embodiment may be performed when using an application that handles personal information such as a scheduler.

  In this embodiment, an example in which a base image is divided into five horizontal areas and decorated with a decoration image is shown. However, the position and number of areas where the decoration image is arranged can be arbitrarily designed. . Alternatively, the base image may be decorated in such a manner that the decoration image layer is superimposed on the base image layer without dividing the base image region.

  Further, in the present embodiment, as illustrated in FIGS. 6 and 7, an example in which a decoration image corresponding to each base image is prepared has been described. It may be prepared.

  In this embodiment, an example in which the display of the base image or decoration image selected by the user's slide operation is switched has been described. For example, the display is switched to the next image every time the user touches the image. , Arbitrary design is possible for the image switching operation. Further, when displaying the base image and the decoration image, a list display may be used instead of the image switching display.

  In the present embodiment, an example in which a user performs a touch operation on the touch panel 30 using a touch terminal has been described. However, for example, an operation using a keyboard or a mouse on a PC or the like can be arbitrarily designed. Is possible.

DESCRIPTION OF SYMBOLS 10 Authentication apparatus 11 Detection part 12 Display part 121 Base image display part 122 Decoration image display part 13 Operation reception part 131 Base image selection reception part 132 Decoration image selection reception part 14 Judgment part 15 Output part 16 Registration part 200 Base image storage part 210 Decoration image storage unit 220 Base image management information storage unit 230 Decoration image management information storage unit 240 Registration information storage unit 30 Touch panel

Claims (6)

Computer
Display the base image on the display device,
Accept selection of displayed base image,
A prior image Kibe over scan image is divided into a plurality, a plurality of decoration image part of the divided image is changed each displayed on the display device,
Accepting each selection of a plurality of decorative images displayed,
Accepted, the combination of before and Kibe over scan image and the plurality of decorative images, when the combination of information between the base image and the decoration image is registered in the storage unit to be registered, and the authentication has succeeded determination Yes An authentication program for executing the process. The decoration image processing to be displayed on the display device, the authentication program according to claim 1, each of the decoration image, characterized in that each displayed in a predetermined position in the region where the base image is displayed to be authenticated. In addition to the computer,
Displaying a base image whose registration number in the storage unit is a predetermined number or less on the display device;
Accepting selection of a combination base image to be registered in the storage unit;
An image of the base image combination is divided into a plurality of the registration, a plurality of decoration images a part of which is changed each divided image, displayed on the display device,
Accept selection of decorative images for combination to register,
The authentication program according to claim 1 or 2, wherein a combination of the registered base image and the registered decorative image is registered in the storage unit. In the process of displaying the base image on the display device, when the authentication information input area is displayed on the display device, the base image is displayed on the display device,
In addition to the computer,
The authentication information associated with a combination of the base image to be authenticated and the decoration image to be authenticated is output to the input area when it is determined that the authentication is successful. The authentication program according to any one of Items 3 to 3. A base image storage unit for storing a plurality of base images;
A decoration image storage unit for storing a plurality of decoration images in which the base image is divided into a plurality of images and each of the divided images is changed ;
A registered information storage unit for registering information on a combination of a base image and a plurality of decorative images;
A base image display unit for displaying a base image stored in the base image storage unit on a display device;
A base image selection receiving unit for receiving selection of the displayed base image;
A decoration image display unit for displaying a plurality of decoration images of the displayed base image stored in the decoration image storage unit on the display device;
A decoration image selection accepting section for accepting each selection of a plurality of decorative images displayed,
Accepted, the combination of before and Kibe over scan image and the plurality of decorative images, if it is registered in the registration information storage unit, characterized in that it comprises a determination unit and the authentication has succeeded Authentication device. Computer
Display the base image on the display device,
Accept selection of displayed base image,
A prior image Kibe over scan image is divided into a plurality, a plurality of decoration image part of the divided image is changed each displayed on the display device,
Accepting each selection of a plurality of decorative images displayed,
Accepted, the combination of before and Kibe over scan image and the plurality of decorative images, when the combination of information between the base image and the decoration image is registered in the storage unit to be registered, and the authentication has succeeded determination An authentication method characterized by executing a process of performing.

Images