JP2001092783A - Method and system for personal authentication, and recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a method and a system for personal authentication capable of suppressing unauthorized use by an unauthorized third party even in such a case that an authenticated regular user is out. SOLUTION: This system is provided with a step to collect and store at least one of operation procedures, an operating state, operation environment of an input means to obtain a target result in an individual file and a step to suppress use of a computer system or resources to be attached to the computer system by monitoring the operation procedures, the operating state, the operation environment of the input means at specified monitoring intervals, comparing data collected during monitoring period of them with data preliminarily stored in the individual file and authorizing the user as the unauthorized user when difference between both data is not within an allowable range with respect to the input of a user name or a password by which the user intends to obtain use permission of the computer system.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to a personal authentication method and system for a user using a computer system.

[0002]

2. Description of the Related Art Conventionally, as a technique relating to a personal authentication method of a computer system, personal authentication information is stored in advance on a computer-readable recording medium (such as a floppy (registered trademark) disk), and input of the personal authentication information is explicitly performed. A method of requesting a user to perform personal authentication by comparing input data with personal authentication information stored in a computer. For example, when using a computer, a screen prompting the user to enter a password is displayed, the entered password is compared with a preset password, and if the passwords are the same, use of the computer is permitted. . Also, physical information such as fingerprints and voices are stored, and when a computer is used, a screen prompting the user to input data to a fingerprint reader or a voice input device is displayed. They compared the information with other physical information, and if they were the same, allowed the use of the computer.

[0003]

However, in the personal authentication method using the above-mentioned conventional technology, anyone can obtain personal authentication as a specific individual if personal authentication information such as a preset password is known. There is a problem that unauthorized use by an unauthorized third party cannot be suppressed. In addition, in order to input physical information such as a fingerprint, a special input device such as a fingerprint input device is required, and there is a problem that the cost increases. In particular, when an authenticated authorized user leaves the desk in a state where personal authentication has been received, another person can operate the computer. It is an object of the present invention to provide a personal authentication method and system capable of suppressing unauthorized use by an unauthorized third party even when an authenticated authorized user leaves.

[0004]

In order to achieve the above object, the present invention relates to a personal authentication method in a computer system having at least a keyboard and a pointing device as input means operated by a user. Collecting and accumulating at least one of an operation procedure, an operation mode, and an operation environment of the input means to obtain a personal file; and inputting a user name or a password for obtaining permission to use the computer system. Monitoring the operation procedure, operation mode, and operation environment of the input means at a predetermined monitoring interval, comparing data collected during the monitoring period with data previously stored in the individual file, If the difference is not within the permissible range, it is identified as an unauthorized user and the computer system or the Characterized in that it comprises the step of inhibiting the use of the resources that come with over Tashisutemu.

[0005] Further, as an input means operated by the user,
A computer system having at least a keyboard and a pointing device, a means for collecting and storing at least one of an operation procedure, an operation mode, and an operation environment of the input means for obtaining a desired result in an individual file; In response to input of a user name or a password to obtain a use permission, at least one of an operation procedure, an operation mode, and an operation environment of the input unit is monitored at a predetermined monitoring interval, and data collected during the monitoring period is monitored. Means for comparing data stored in the individual file in advance and determining that the difference between the two is within an allowable range as an unauthorized user, thereby suppressing the use of the computer system or resources attached to the computer system; And a personal authentication processing means including:

[0006]

DESCRIPTION OF THE PREFERRED EMBODIMENTS One embodiment of the present invention will be described below in detail with reference to the drawings. FIG. 1 shows a computer system according to an embodiment of the present invention. The computer system of this embodiment includes an input device 10, an arithmetic device 20, a control device 30, an output device 40, and a storage device 5.
0.

The input device 10 is a device for inputting data. The input device 10 is divided into an interactive input device, a sheet input device, and other input devices. Examples of the interactive input device include a keyboard, a voice input device, and a pointing device (mouse). Examples of the sheet type input device include an optical character reading device and an optical mark reading device. Other input devices include a barcode reader and an image scanner. The keyboard 101 is an input device for a user to input characters and numbers by pressing buttons called keys. The mouse 102 is an input device having a plurality of buttons for detecting a moving direction and a moving amount by moving the user on a desk or the like and inputting the detected data to a computer. The arithmetic device 20 is a device that performs arithmetic and logical operations in a computer. The control device 30 is a device that controls another device on the computer. The output device 40 is a device that outputs data on a computer. Output devices are classified into interactive output devices and sheet output devices. Examples of the interactive output device include a display and a sound output device. Examples of the sheet format output device include a printer and a plotter. The storage device 50 is a device that stores computer data and programs. The storage device 50 is divided into a main storage device and an auxiliary storage device. The control device 30 and the arithmetic device 2
0, the main storage device is collectively called a processing device. Storage device 5
In 0, an area (file) for storing the personal input data 501 is secured.

[0008] The personal input data 501 is for collecting and accumulating operation procedures, operation modes, and operation environments in the input device 10 for obtaining a desired result for each individual. When only one computer system is used by one person, only one personal input data 501 is created. When a plurality of persons share the computer system, only one person is created.

According to the present invention, at least one of an operation procedure, an operation mode, and an operation environment of the input device 10 is monitored at a predetermined monitoring interval in response to an input of a user name or a password for obtaining permission to use the computer system. Then, the data collected during the monitoring period is compared with the personal input data 501 collected and accumulated in advance,
If the difference between the two is not within the allowable range, the user is identified as an unauthorized user, and the use of the computer system or resources attached to the computer system is suppressed.

Here, the resources attached to the computer system include all storage devices, output devices, programs, external networks, and the like, and the resources to be suppressed can be set in advance by an authorized user of the computer system. Therefore, there are cases where all are suppressed and cases where some are suppressed.

In the present invention, the monitoring of the operation procedure, the operation mode, and the operation environment of the input device 10 is performed so that neither the authorized user nor the unauthorized user can be aware of.
The operation procedure, operation mode, and operation environment data of the input device 10 are collected.

Here, the operation procedure is, as described later,
When inputting a character with a keyboard, for example, when inputting “shi”, input “CI” or “S
"HI". In addition, the operation mode means that, for example, when performing page switching, a page switching icon is performed by a mouse operation,
This refers to how to use the input means until a desired result is obtained, as if by a function key operation. For example, when information is collected via a network, the operation environment refers to a case where a desired information source is specified in an environment in which information sources are listed, or the URL address of the information source is directly displayed without displaying the list. An environment that uses an input device, such as whether it is specified. The present invention focuses on the fact that an individual has such an operation procedure, an operation mode, and an operation environment, and uses this individuality to authenticate whether or not the user is a legitimate user.

A method of monitoring the rhythm of key operation and performing authentication based on the difference in the rhythm (Japanese Unexamined Patent Application Publication No. 11-15 / 1999)
No. 900), however, since the rhythm varies depending on the proficiency of the key operation and the user's physical condition, even a regular user may be rejected, which is not preferable.

FIG. 2 shows an outline of a method for collecting personal input data. The control program (operating system (OS)) stored in the storage device 50 receives the input data 60 input from the input device 10 and executes any one of the processes 1 to 3 executed on the arithmetic device 20. Pass to. At the same time, the data is passed to the personal input data creation processing 70, and the personal input data 501 is collected.

First, an embodiment of an authentication method using individual differences in key operation procedures will be described. For example, as shown in FIG. 3, when the user inputs a sentence “There was a shinji”, in the case of Roman alphabet input, “zisingaar
Imacita "on the keyboard. Here, there are a plurality of input patterns when a computer is to perform a certain operation. In this sentence, the user authentication target locations correspond to the three underlined "ji" and "shi". As shown in FIG. 4, if the kana input is included, there are four input methods for "shi" and three input methods for "ji". The user has selected any one of the input procedures, and it is assumed that the user normally performs the key operation with the same input procedure every time. FIG. 5 is an authentication table 500 that defines the correspondence between the characters to be authenticated and the key input pattern of the user, focusing on such individual differences in the key operation procedure. As shown in FIG. 4, a plurality of input procedures can be considered for "shi". However, it is assumed that a legitimate user always presses the [S] key and [I] key of the keyboard sequentially in a state of inputting Roman characters. Is not recognized as a valid user. In FIG. 5, a plurality of other characters to be authenticated, such as "ji" and "tsu", are set.

Hereinafter, the processing of this embodiment will be described with reference to the flowchart of FIG. First, the user name and user I
An inquiry is made to identify a user such as D (step 601), and it is checked whether an authentication table 500 for the user exists (step 602).

FIG. 7 illustrates that personal input data is stored for each user.
The personal input data creation process 70 of 0 stores the received input as personal input data of each user. If it does not exist, an authentication table creation process described later (step 6)
Perform 14). In FIG. 7, the personal input data 501A, 501 for each of the users A, B, C is obtained by this processing.
B, 501C is created. In FIG. 7, two data files (1) and (2) are created for one user. This is because input data at the current monitoring time is collected and accumulated.
This is because the input data during the previous monitoring time is accumulated.

Next, a user's input from the keyboard is accepted, and the input information is collected as personal input data 501 (step 603). This is repeated until a predetermined monitoring time defined in advance is reached, and the personal input data 501 is stored (step 604).

After a predetermined monitoring time has elapsed, user authentication is performed using the stored personal input data 501.
First, it is determined whether a character to be authenticated has been acquired (step 605). Taking FIG. 2 as an example, FIG. 8 shows personal input data of one sentence "There was a shin." From the information registered in the authentication table 500 of FIG. 5, the character to be authenticated in the example sentence is “ji” 1
There are a total of three places, ie, two places “shi”. Here, it is assumed that “ji” is acquired first. Next, it is determined whether the user's key input is registered as an authentication permission input in the authentication table 500 (step 606).

The authentication target "ji" is No. 1 of the personal input data.
[Z] and [I], and the input order is registered in the authentication table 500 as an authentication permission input. Further, personal input statistical data comparison processing described later is performed (step 607), and it is checked whether the input is a valid user input (step 608). Step 606, Step 60
If it is determined in step 8 that the user is an unauthorized user, authentication failure processing described later is performed (step 609).

The above processing is repeated until authentication processing is performed on all the authentication targets (step 610). In this repetition processing, the authentication of “shi” is also performed, and the corresponding personal input data is item No. 3 [S], item 4 [I] and item No. 14
[C] and 15 [I]. Referring to the authentication table 500, the authentication permission input of the authentication target “shi” is [S] [I], and even if the item numbers 3 [S] and 4 [I] are determined to be valid users, the item number 14 For [C] and 15 [I], authentication failure processing is performed as an invalid user input.

Finally, it is determined whether or not all of the user's inputs have been completed (step 611). If not, the personal input data is switched (step 612). Data (701A, 701B, 701C in FIG. 7) is created (step 6).
13) Return to step 603 again. As a result, the input data is always collected while the user inputs the text,
In addition, the authentication process is continuously performed at regular intervals (predetermined monitoring time intervals).

FIG. 9 illustrates the personal input statistical data creation processing in step 613. There are two areas (files) for storing the personal input data 501, 501-1 and 501-2, and the switching is performed after a predetermined monitoring time in step 604 in this embodiment. The switching may be performed when the storage capacity becomes larger than a predetermined storage capacity. When the switching occurs and personal input data is created in the other storage area, personal input statistical data creation processing 90 (step 61)
3) creates personal input statistical data 701 from personal input data stored in the other storage area. The personal input statistical data 701 is a total of personal input data, and is used for personal input statistical data comparison processing (step 607) and for grasping the input tendency of the user.

In the authentication table creation process of step 614, an authentication table for a new user is created.
For example, a sampling period during which authentication is not performed may be provided, during which the computer collects a log of the user's input, extracts a user-specific input pattern therefrom, and registers it in the authentication table 500. In the example of FIG. 4, if it is determined that the user always inputs [C] [I] when inputting "shi", this can be used as an authentication target input. Of course, the user may arbitrarily set the authentication target input and the input procedure in the authentication table 500 in advance.

Next, the personal input data statistical comparison processing in step 607 will be described. Even if the input sequence of the authentication target input performed earlier matches the authentication table 500, there is a possibility that the unauthorized user imitated the input of the legitimate user and performed the input. Therefore, in the present processing, a function of further performing the authentication of the user from the time interval of the key input and improving the accuracy of the authentication is added.

FIG. 10 is a diagram showing an outline of the personal input data comparison processing. The past personal input data is stored in the personal input statistical data 701 created in step 613, and based on this, the personal input statistical data calculation processing 100
1, the personal input statistical data 1002 for comparison is created, and the personal input statistical data comparison processing 1003 (step 607) is used to generate the latest personal input data 501 (NEW).
Authentication is performed by comparing with.

FIG. 11 shows statistical data 100 for individual input for comparison.
2 is a diagram showing a detailed example of FIG. Minimum key interval 1101 and maximum key interval 110 for each authentication target input from past data
2. The average key interval 1103 is calculated. In FIG. 11, the minimum key interval between key inputs [Z] → [I] of “J” = 0.43, the maximum key interval = 0.72, the average key interval =
It is calculated as 0.55 (second). On the other hand, when looking at FIG. 8 which is the latest personal input data, the input No.
Although the key intervals of 1 and 2 are 0.60 from the difference between the input times, the average required time 0.55 ± correction value 0.10 is determined to be a valid user input. Authenticate with a proper user Since the comparison personal input statistical data 1002 is updated each time the personal input statistical data creation processing is performed, the value can be changed according to the user's skill in input operation or a change in input speed.

The correction value 1104 in FIG.
The value is determined by a calculation method as shown in FIG. First, the comparative individual input statistical data 1002 shown in FIG.
Is created, data shown in FIGS. 12A and 12B is obtained. The data in FIG. 12A is a past key interval of a specific authentication target input, and the data in FIG.
Average value of key intervals created based on the data of 2 (a),
Standard deviation, number of records. Based on the reliability specified in advance based on the data of FIG.
The significance level as shown in (c) is obtained, and the significance level is further determined.
Using the standard deviation and the number of cases, a confidence interval for the population as shown in FIG. This confidence interval is shown in FIG.
(FIG. 12 (e)), and the input interval from the value obtained by subtracting the confidence interval from the average value of the key intervals to the value obtained by adding the confidence interval to the average value is regarded as a regular user. In this case, the correction value 1104 may be set by the user himself.

Next, the authentication failure processing in step 609 of FIG. 6 will be described. If the authentication processing in steps 606 and 608 fails, it is determined that an input has been made by an unauthorized user, and usage is suppressed. For example, improper use countermeasures such as issuing a warning to the user, requesting re-input of the password, forcibly interrupting the user's processing, and locking the user account so that the processing cannot be performed are conceivable. Such an unauthorized use countermeasure may be executed with one authentication failure, but the following method is also available.

FIG. 13 is an authentication failure table 1300 in which countermeasures against improper use are leveled according to the number of authentication failures. The authentication failure point 1303 is a point that is accumulated each time authentication fails. For example, if one point is added for one authentication failure, the “failure” of level 2 is illegally used in the fifth failure. Performed as a measure. Further, even if one point of authentication does not require one point, the authentication failure in step 606 is added with three points,
The authentication failure in step 608 can be arbitrarily set by the user such as adding two points.

As described above, in the authentication processing of the present embodiment, since personal authentication is performed using an input pattern that is difficult to see from the eyes of the user, there is little possibility of being stolen by another person such as a password or ID. By defining more target inputs, a large number of authentication patterns can be generated. In addition, since this authentication is performed continuously while the user is using the computer or while the predetermined application is running, even if the unauthorized user uses the computer while the formal user is away from the desk, the computer is not used. Can be determined not to be a legitimate user from the input pattern, and its use can be prohibited. On the other hand, since the unauthorized user cannot see what kind of authentication the computer is performing, the effect of forcing the unauthorized intrusion to be obtained is obtained.

Next, a description will be given of a second embodiment in which personal authentication is performed from the user's icon operation mode. In most cases, even in the icon operation for a specific process, the operation procedure is determined, and there are a plurality of selectable input procedures. Screen 140 shown in FIG.
In the termination processing of the application program having 0, there are methods such as “use a menu bar”, “use an icon menu”, “use a right-click menu”, and “use a shortcut key” as shown in FIG. There are more steps if you look closely. Even if the application is terminated using the menu bar at once, as shown in the broken line frame in FIG. 14B, a method for terminating the file pull-down display with two patterns and a termination execution with three patterns, a total of six patterns Exists. The present embodiment authenticates a valid user based on which operation mode the user is using, and will be described in detail below.

FIG. 15 is a diagram showing an example of an authentication table 1500 in the case where user authentication is performed based on individual differences in the operation mode of the user. While the authentication table 500 of FIG. 5 defines only valid user input, this table 1
500 defines all of the procedures to reach a particular operation or result. In the example of FIG. 15, all the operation procedures for performing the termination processing of the application are defined, and the application cannot be terminated in any order other than the input order defined here. Therefore, when the user executes the application, one of the input procedures defined here is always executed. Authentication permission is an input procedure recognized as that of a valid user. In the example of FIG. 15, when the procedures of “NO. 1” and “NO. 3” are used to terminate the application using the menu bar, the user is recognized as a valid user, and the other input procedures are illegal. The user is determined.

Hereinafter, the processing of this embodiment will be described with reference to the flowchart of FIG. First, the input of the user is accepted (step 1601), and after it is collected as personal input data (step 1602), it is determined whether the input is an authentication target input (step 1603). Specifically, the determination is made based on the content of “order 1” of each input procedure registered in the authentication table 1500 in FIG.
For example, when the user left-clicks the icon “file” with the mouse, “NO.
1 "," NO.2 "and" NO.3 ", it is determined that the input is an authentication target input. If the user input is not an authentication target input, the personal input data is discarded (step 1604), and the determination process ends.

Next, it is determined whether or not the authentication target input has been completed (step 1605). The end of the authentication target input means a state in which any of the input procedures registered in the authentication table 1500 has been completed. Input procedure "NO.1", "N
O. In both “NO. 2” and “NO. 3”, there is an operation after “Procedure 1”, so that the authentication target input is not completed, and the process returns to step 1601.

Then, the user's input is accepted again, personal input data is collected, and an authentication process is performed to determine whether or not the input is an authentication target input (steps 1601 to 1603). Since the authentication target inputs have already been narrowed down to “NO.1,” “NO.2,” and “NO.3,” it is determined whether the user input matches “order 2” of these three input procedures. judge. If the user has left-clicked the icon “end” with the mouse, it is determined that “order 2” of “NO. 1” has been performed. Then, in step 1605, the user input is “N”.
O. Assuming that "1" has been completed, the input of the authentication target is determined to be completed, and the process proceeds to the next step.

After storing the personal input data (step 1)
606), the user's series of inputs is the authentication table 1500
To determine whether the authentication is permitted (step 160).
7). The “O” mark of “authentication permitted” in the authentication table 1500 indicates that the input procedure “NO. 1” is an input procedure of a valid user. If it is determined that the authentication is permitted, the personal input statistical authentication data comparison processing is further performed to verify the user (step 1608).
This is the same as the embodiment.

If it is not possible to authenticate as a valid user in steps 1608 and 1609, authentication failure processing similar to that of the above-described embodiment is performed (step 1610). Finally, it is determined whether or not all user inputs have been completed (step 1611), and the processing from step 1601 is repeated until the input is completed.

FIG. 17 is an example of personal input data created as a result of the above processing. According to the present embodiment,
Since inputs irrelevant to the authentication target input are not stored, it is convenient for creating personal input statistical data later, and also saves storage capacity.

Next, a third embodiment in which personal authentication is performed by focusing on individual differences in the operation environment will be described. FIG.
(A)-(e) is a figure which shows the example of the setting procedure of a user's operation environment. In this embodiment, the user sets in advance the operating environment that he or she normally uses. FIG. 18 shows an example in which an operation environment for starting a browser is set. First, according to an instruction from the computer, FIG.
Is displayed, and the user is instructed to set an operation environment (or an authentication environment in which the operation environment and the operation procedure are combined) when the browser is started. The example of FIG. 18 illustrates an example of setting an authentication environment in which an operation environment and an operation procedure are combined. Therefore, the user is prompted for FIG.
As shown in “Screen 2” of (b), for example, an application called “WWW bite memo” is opened by mouse input, and in the operating environment where this “WWW bite memo” is opened,
Open the "Start" menu and select a browser at the end. Next, on the “screen 3” of FIG. 18C, the “end” button is pressed, and further, the correction value of the key interval is input on the “screen 4” as shown in FIG. e) In “Screen 5” shown in FIG.
"K" or not, and the setting of the procedure for starting the browser in the operating environment in which the "WWW bite memo" is opened is completed. FIG.
In the example of FIG. 8, the operation of opening the browser is performed. However, the application “WWW bite memo” is opened, the “Start” menu is opened, and finally the browser is selected and opened. . That is, when the browser is opened, an authentication procedure is set such that if the user does not make an input after setting the operating environment of the application “WWW bite memo” to an open operating environment, it is determined that the input is not a valid user input. .

FIG. 19 shows an example of an authentication table 1900 created based on the user setting procedure in FIG. The authentication table 1900 shown here is one in which personal input data is configured as one set, and the input order is the same as the authentication table of the previous embodiment, and the personal data is the personal input data of the previous embodiment. Same as data. The flow of the authentication process is the same as that shown in the previous embodiment. The authentication table 1900 may be created one by one for each user for each application program, or a plurality of application programs may be grouped into one group and created.

Further, in each embodiment, the operation procedure, the operation mode, and the operation environment of the input means for obtaining the intended result have been individually described.
Needless to say, the system can be configured so that personal authentication of a user can be performed by combining a plurality of operation modes and operation environments. Although the embodiment in which the input device is applied to a computer using a keyboard and a mouse has been described, the present invention can be similarly applied to other input devices. Further, the embodiment in which the present invention is applied to a single computer has been described, but the present invention can be similarly applied to a personal authentication method in a computer connected via a network. In addition, the procedure for implementing the authentication method of the present invention includes a CD-RO as an authentication processing program.
It can be configured to be stored in a recording medium such as M and installed and executed by a general-purpose personal computer user.

[0043]

As described above, according to the present invention,
When the user is using the computer, the personal authentication using the input operation procedure, the operation mode, and the individual difference of the operation environment is performed at any time, so that the personal authentication with high security can be performed. In particular, even if the authenticated user leaves the seat, unauthorized use by a third party can be suppressed.

[Brief description of the drawings]

FIG. 1 is a block diagram showing an embodiment of a computer system to which the present invention has been applied.

FIG. 2 is an explanatory diagram of a method for collecting personal input data.

FIG. 3 is a diagram showing an example of input data for explaining individual differences in an input procedure.

FIG. 4 is an explanatory diagram showing an example of a key operation procedure for the input data of FIG. 3;

FIG. 5 is a diagram illustrating an example of an authentication table when performing personal authentication based on individual differences in key operation procedures.

FIG. 6 is a flowchart of an authentication process when personal authentication is performed based on individual differences in key operation procedures.

FIG. 7 is a configuration diagram for each user of personal input data created by a personal input data creation process.

FIG. 8 is a diagram showing an example of collected personal input data.

FIG. 9 is an explanatory diagram of a procedure for creating statistical data of personal input data.

FIG. 10 is an explanatory diagram of a process of creating comparison personal input statistical data from personal input statistical data and comparing with the latest personal input data.

FIG. 11 is a diagram illustrating an example of personal input data for comparison.

FIG. 12 is an explanatory diagram showing a procedure for obtaining a correction value of comparison individual input data.

FIG. 13 is a diagram illustrating an example of an authentication failure table.

FIG. 14 is an explanatory diagram of a second embodiment in which personal authentication is performed based on individual differences in user operation modes.

FIG. 15 is a diagram illustrating an example of an authentication table in a case where personal authentication is performed based on individual differences in user operation modes.

FIG. 16 is a flowchart illustrating an authentication procedure when personal authentication is performed based on individual differences in user operation modes.

FIG. 17 is a diagram illustrating an example of personal input data in a case where personal authentication is performed based on individual differences in a user's operation mode.

FIG. 18 is an explanatory diagram showing a procedure for setting an authentication table when performing personal authentication based on individual differences in a user's operation environment.

FIG. 19 is a diagram illustrating an example of an authentication table in a case where personal authentication is performed based on individual differences in a user's operation environment.

[Explanation of symbols]

10 input device, 20 arithmetic device, 30 control device, 4
0: output device, 50: storage device, 101: keyboard,
102: mouse, 500: authentication table, 501: personal input data.

Claims (3)

[Claims] 1. A personal authentication method in a computer system having at least a keyboard and a pointing device as input means operated by a user, the operation procedure of the input means leading to a desired result,
Collecting and accumulating at least one of an operation mode and an operation environment in an individual file; and operating the input means at a predetermined monitoring interval in response to input of a user name or a password for obtaining permission to use the computer system. At least one of the procedure, the operation mode, and the operation environment is monitored, and data collected during the monitoring period is compared with data stored in the individual file in advance, and a difference between the two is within an allowable range. If not, identifying the user as an unauthorized user and suppressing the use of the computer system or resources attached to the computer system. 2. A computer system including at least a keyboard and a pointing device as input means operated by a user, wherein: an operation procedure of the input means for obtaining a desired result;
Means for collecting and storing at least one of an operation mode and an operation environment in an individual file, and operation of the input means at a predetermined monitoring interval in response to input of a user name or password for obtaining permission to use the computer system. At least one of the procedure, the operation mode, and the operation environment is monitored, and data collected during the monitoring period is compared with data stored in the individual file in advance, and a difference between the two is within an allowable range. If not, the computer system is provided with personal authentication processing means including means for identifying the user as an unauthorized user and suppressing use of the computer system or resources attached to the computer system. 3. A recording medium storing a personal authentication processing program in a computer system having at least a keyboard and a pointing device as input means operated by a user, wherein the operation of the input means leads to an intended result. procedure,
A process of collecting and storing at least one of an operation mode and an operation environment in an individual file; and operating the input unit at a predetermined monitoring interval in response to input of a user name or a password for obtaining permission to use the computer system. At least one of the procedure, the operation mode, and the operation environment is monitored, and data collected during the monitoring period is compared with data stored in the individual file in advance, and a difference between the two is within an allowable range. Otherwise, the recording medium is recorded as a computer-readable program including a process of identifying the user as an unauthorized user and suppressing use of the computer system or resources attached to the computer system.