JP2003140765A - Password managing device, password managing system, password managing method and program for the method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a password managing device, a password managing system, a password managing method, and its program capable of realizing extremely high security by a simple method without making an operator consider a pass word. SOLUTION: A task server is provided with a first data base in which user ID and a password for permitting log-in form a user terminal, and a password managing device is provided with a second data base in which user ID and a password for collation for log-in from the user terminal are managed and a password batch updating means for acquiring all the user ID managed in the first data base in a prescribed timing, and for automatically generating new passwords corresponding to the user ID by random numbers, and for updating the passwords managed by the first data base and the passwords managed by the second data base into the new passwords.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a password management device, a password management system, a password management method, and a program thereof for collectively changing passwords at a predetermined time to enhance security.

[0002]

2. Description of the Related Art Conventionally, when a user logs in to a business system, a user is authenticated by a user ID and a password input from a terminal.
It was necessary to remember the user ID and password.
For this reason, when the password is forgotten, the system administrator has to investigate and reset the password and notify the user.

In addition, there are many users who do not change the password for a long period of time, such as placing a paper on which a password is recorded on a desk, setting a password such as the date of birth that is easy for others to guess. Therefore, for security measures of the business system, it is necessary for the administrator to reset the password periodically and notify each user.

Even so, in general, individual users have little knowledge about security and their awareness is not so high. Therefore, no matter how often the password is changed, the changed password is often stored as it is in the user's own terminal (PC or the like). Then, another person can easily access from the user terminal.

By the way, in recent years, a technique for performing login authentication using biometric information such as fingerprints, voiceprints, retinas, etc. has been developed. However, there are various types of vendors who provide business systems on the network. Some companies have weak financial resources, and it is currently difficult for all business systems to be equipped with biometrics-based authentication. In addition, when the specifications of the business system are small, the authentication by biometrics information imposes a burden on the system.

On the other hand, it is complicated for the user to register biometrics information for each business system. In addition, it is currently difficult to equip all users with a device for recognizing biometric information.

As a prior art related to the present invention, Japanese Patent Laid-Open No.
Japanese Patent Laid-Open No. 001-14276 discloses a personal authentication system in which the user does not input a password but only the physical characteristics of the user.

[0008] Further, Japanese Patent Laid-Open No. 2001-188755 discloses a technique of accessing a desired site very easily without the need to input personal authentication data each time the service site is accessed. .

[0009]

However, the above-mentioned prior art gives some incentive and suggestion to the main object of the present invention that a considerably high security can be realized by a simple method of collectively changing passwords. Not a thing.

The present invention has been made in view of the above circumstances, and a password management device and a password that can realize a considerably high security by a simple method without making the user and the trader aware of the password. It is intended to provide a management system, a password management method, and a program therefor.

[0011]

In order to achieve the above object, the invention according to claim 1 provides a first database for managing a user ID and a password for permitting login from a user terminal. A password management device that manages a collation user ID and a password for logging in to a business server that the user terminal has, and a second database that manages the collation user ID and the password. At the timing of, all user IDs managed in the first database are acquired, a new password corresponding to the user ID is automatically generated by a random number, and the password managed in the first database and the And a password batch updating means for updating the password managed in the database of 2 to the new password. It is a symptom.

According to a second aspect of the present invention, in the first aspect of the invention, when a new password of a specific user ID is input by the administrator, the password of the user ID managed in the first database, It is characterized by further comprising individual password changing means for updating the password of the user ID managed in the second database to the new password.

The invention according to claim 3 is the invention according to claim 1 or 2.
In the described invention, in the second database, a user ID for collation and biometric information of a user of the user terminal are registered from the user terminal, and the user ID for collation from the user terminal.
When the biometric information is input, a password corresponding to the user ID is output.

According to a fourth aspect of the present invention, a business server having a first database that manages a user ID and a password for permitting login from a user terminal and collation for logging in from the user terminal. A password management device for managing the user ID and password of
A password management system having a second database that manages a collation user ID and a password, and a password management system at a predetermined timing.
All users I managed in the first database
D is acquired, a new password corresponding to the user ID is automatically generated by a random number, and the password managed in the first database and the password managed in the second database are updated to the new password. And a password collective update means.

According to a fifth aspect of the invention, in the invention according to the fourth aspect, the password management device is a user managed in the first database when a new password of a specific user ID is input by the administrator. It is characterized by further comprising individual password changing means for updating the password of the ID and the password of the user ID managed in the second database to the new password.

The invention according to claim 6 is the invention according to claim 4 or 5.
In the described invention, in the second database, a user ID for collation and biometric information of a user of the user terminal are registered from the user terminal, and the user ID for collation from the user terminal.
When the biometric information is input, a password corresponding to the user ID is output.

The invention according to claim 7 is for collation for logging in from a user terminal to a business server having a first database that manages a user ID and a password for permitting login from the user terminal. Is a password management method for managing user IDs and passwords of the user IDs, and a user ID acquisition step of acquiring all user IDs managed in the first database at a predetermined timing, and a user ID acquisition step. User I
A new password generation step of automatically generating a new password for D by a random number, a new password generated by the new password generation step, a password managed in the first database, and a verification user ID. And a password batch updating step of updating the password managed in the second database that manages the password.

According to the invention described in claim 8, in the invention described in claim 7, when a new password of a specific user ID is input from the administrator, the password of the user ID managed in the first database, It is characterized by further including a password individual changing step of updating the password of the user ID managed in the second database with the new password.

The invention according to claim 9 is the invention according to claim 7 or 8.
In the described invention, a biometric information registration step of registering a verification user ID and biometric information of the user of the user terminal in the second database from the user terminal, and a verification user ID and biometric information input from the user terminal Second when
The method further includes a password extraction step of extracting a password corresponding to the user ID from the database of 1. and an access step of transmitting the password and the user ID extracted by the password extraction step to the business server.

The invention according to claim 10 is for collation for logging in from a user terminal to a business server having a first database that manages a user ID and a password for permitting login from the user terminal. Is a computer-readable password management program that manages the user ID and password of the user ID, the user ID acquisition process of acquiring all the user IDs managed in the first database at a predetermined timing, and the user I
A new password generation process for automatically generating a new password corresponding to the user ID acquired by the D acquisition process using a random number, and a new password generated by the new password generation process and a password managed in the first database. , A password batch update process for updating the password managed in the second database that manages the collation user ID and the password, and causes the computer to execute the password batch update process.

According to the invention of claim 11, in the invention of claim 10, when the administrator inputs a new password of a specific user ID, the password of the user ID managed in the first database, It is characterized in that the computer is further made to execute the password individual change processing for updating the password of the user ID managed in the second database to the new password.

According to a twelfth aspect of the present invention, in the invention according to the tenth or eleventh aspect, a biometric information registration process for registering a user ID for collation and biometric information of the user of the user terminal from the user terminal to the second database. And a password extraction process for extracting the password corresponding to the user ID from the second database when the verification user ID and the biometric information are input from the user terminal, and the password and the user ID extracted by the password extraction process. And an access process for transmitting to the business server, and further to execute the computer.

[0023]

BEST MODE FOR CARRYING OUT THE INVENTION The present invention is a system for performing login authentication using biometric information such as fingerprints, voiceprints, retinas, etc., in which password information is automatically generated at any time using random numbers, and a user or operator can enter a password. It provides a system that can be managed without being aware of. Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings on the assumption that fingerprint information is used.

FIG. 1 is a block diagram showing the configuration of a password management system according to the embodiment of the present invention. The password management system includes a user terminal 100, a user authentication system 200, and a business system 300.

The user terminal 100 is a personal computer, workstation,
It is an information processing device such as a mobile phone or a PDA. A fingerprint reader 110 is connected to the user terminal 100. The user inputs the user ID from the operation unit when logging in.
A fingerprint is input from the fingerprint reader 110. User terminal 10
0 indicates the user ID and the fingerprint to the user authentication system 2
To 00.

The user authentication system 200 includes a login authentication database 210. A user ID, fingerprint information, and a login authentication password are registered in the login authentication database 210. When the user ID and the fingerprint are input, the login authentication database 210 collates the input user ID and fingerprint with the managed user ID and fingerprint information, and outputs a corresponding password. The user authentication system 200 transmits the user ID and the password extracted from the login authentication database 210 to the business system 300.

The business system 300 is a server device that provides a home page on the WEB or various applications on the network. Business system 30
In 0, a user ID and a login authentication password are registered in a database (not shown). The business system 300 collates the user ID and password transmitted from the user authentication system 200 with the registered user ID and password to perform login authentication. This allows the user to perform login authentication without being aware of the password.

Conventionally, it has been necessary for each user to individually change the password information, but the present invention has a system for automatically changing and managing the password as follows.
FIG. 2 is a block diagram for explaining the password management method according to the first embodiment of the present invention.

In the present embodiment, the user authentication system 200 includes a password batch change system 220. The password collective change system 220 acquires a list of user IDs from the business system 300. Next, a password is generated using a random number and is associated with each of the above user IDs. The password of the business system 300 and the login authentication database 210 is changed to the above password.

FIG. 3 is a block diagram for explaining a password management method according to the second embodiment of the present invention. The user authentication system 200 includes a password individual change system 230. The administrator of the system inputs the user ID and the new password. The individual password changing system 230 changes the corresponding passwords of the business system 300 and the login authentication database 210 to new passwords.

Next, the operation of the password management system in the embodiment of the present invention will be described. In FIG. 1, the user inputs the user ID and the fingerprint from the user terminal 100 (P1). The user terminal 100 transmits the input user ID and fingerprint to the user authentication system 200 (P2).

Next, the user authentication system 200 collates the transmitted user ID and fingerprint with the login authentication database 210 (P3). As a result of matching,
If a match is found, the password of the corresponding user ID is acquired and returned to the user authentication system 200 (P4-1). As a result of the above collation, if no collation is made, a login failure notification is returned to the user terminal 100 (P4-2).

The user authentication system 200 has a user ID
And the password acquired in P4-1 in the business system 30.
0 (P5). The business system 300 performs login authentication with the user ID and password acquired in P5. If the authentication is successful, a login completion notification is given (P7-1). When the authentication fails, the login failure is notified (P7-2).

Next, the flow of the password collective change process will be described with reference to FIG. The password collective change system 210 acquires a list of user IDs registered in the business system 300 periodically or by an operation of the administrator (P11). Next, the same number of random numbers as the user ID acquired from the business system are generated to automatically generate a password group (P12).

Here, the random number may be generated by a general method. The content does not matter such as alphanumeric characters and katakana. However, the number of characters in the generated character string should be fixed. In this case, the login authentication database 210
Also, it suffices to simply overwrite the updated password in the area in which the password before updating of the database of the business system 300 is stored. Next, the password collective change system 220 associates each user ID acquired in P11 with the password generated in P12 (P13).

The batch password change system 220 sets the password of each user ID of the business system 300 to P1.
The password is changed to the password associated in step 3 (P14-1).
In addition, each user I of the login authentication database 210
The password of D is changed to the password associated in P13 (P14-2).

The user authentication system 200 is provided for the user terminal 100 not equipped with the fingerprint reader 110.
Every time the password is updated, the password is notified to the user terminal 100. The user of the user terminal 100 not equipped with the fingerprint reader 10 will enter the user ID and password as before when logging in. Still,
Since the batch change system automatically changes the password, you can save yourself the trouble of changing the password yourself, and also increase the security.

If the password is frequently updated by the password batch changing process (for example, several times a day), even if the password is leaked, the business system 3
It is almost impossible to illegally log in to 00. Here, the update frequency can be set arbitrarily.

In addition, since the passwords of all user IDs are collectively changed, the user who uses the user terminal 100, the company that provides the business system 300, and the management that provides the user authentication system 200 are managed. The person does not have to re-enter the password. Further, the new password generated by associating the random numbers is used as the user authentication database 210 and the business system 30.
Since it is immediately reflected in the 0 database, it is possible to prevent the login failure of the authentic user due to the discrepancy of the password.

Next, the flow of the individual password changing process will be described with reference to FIG. The administrator inputs the user ID and the new password (P21). Business system 3
The password of each user ID of 00 is changed to the password input in P21 (P22-1). Enter the password for each user ID in the login authentication database 210 as P
It is changed to the password input in 21 (P22-2).

This password individual change processing is, for example,
This is effective when the user recognizes that the password has been leaked. In this case, the user contacts the administrator of the user authentication system 200, and the administrator can individually input a new password and update the password of the user without waiting for the timing of batch password change. it can.

Next, the overall operation of the password management system according to the embodiment of the present invention will be described. FIG. 4 is a flowchart for explaining the overall operation of the password management system in the embodiment of the present invention.

First, the user terminal 100 equipped with the fingerprint reader 110 registers the user ID and the fingerprint in the login authentication database 210 (step S100). When the user ID and the fingerprint are registered in the login authentication database 210, the user authentication system 200 generates a password for the user ID by a random number and registers the password in the login authentication database 210 (step S10).
1).

On the other hand, the user terminal 100 without the fingerprint reader 110 registers the user ID and password in the login authentication database 210 (step S20).
0).

When the predetermined time has passed (step S102 / Y), the collective password changing system 220 executes collective password changing processing (step S103).
Further, when the password is input by the administrator, the individual password changing system 230 (step S104 /
Y), individual password change processing is executed (step S
105). By these changing processes, the password of the login authentication database 210 and the password of the database of the business system 300 are changed. Further, the new password is notified to the user terminal 100 not equipped with the fingerprint reader 110 (step S206).

In order to log in to the business system 300, the user of the user terminal 100 equipped with the fingerprint reader 110 inputs the user ID and the fingerprint (step S1).
07). When the input user ID and fingerprint match the registered user ID and fingerprint (step S108 / match), the login authentication database 210 outputs the password corresponding to that user ID. The user authentication system 200 transmits the user ID and the password to the business system 300.

In the business system 300, the user ID and password sent from the user authentication system 200 are
If the user ID and password of its own database are matched, the login of the user terminal 100 is permitted (step S109). Usually, you can log in because the passwords match.

In step S108, if the entered user ID and fingerprint do not match the registered user ID and fingerprint (step S108 / mismatch),
The login fails (step S110).

On the other hand, in order to log in to the business system 300, the user of the user terminal 100 without the fingerprint reader 110 inputs the user ID and password (step S207). Login authentication database 210
When the input user ID and password match the registered user ID and password (step S108 / match), the user authentication system 200 determines that the user ID and the password are the business system 300.
Send to.

In the business system 300, the user ID and password transmitted from the user authentication system 200 are
If the user ID and password of its own database are matched, the login of the user terminal 100 is permitted (step S109). Usually, you can log in because the passwords match.

In step S108, if the entered user ID and password do not match the registered user ID and password (step S108).
/ Mismatch), login failure (step S11)
0). Unless the latest password is entered, the login fails because the password does not match the password in the login authentication database 210. The user has to re-enter the latest password.

The password management method of the present invention can be realized by executing a program.
The program is provided by being recorded in an optical recording medium, a magnetic recording medium, a magneto-optical recording medium, or a semiconductor IC recording medium. Alternatively, it is provided by being downloaded from a program server by FTP (file transfer program).

The above-described embodiment shows an example of the preferred embodiment of the present invention, and the present invention is not limited to this, and various modifications can be made without departing from the scope of the invention. Is possible.

For example, in the above, the example in which the fingerprint is used as the login authentication information has been described. In this respect, any other unique information for identifying the user may be used, and other biometric information such as voiceprint and retina may be used. Also,
When each user terminal 100 is equipped with a different biometric recognition device, the user authentication system 200 may have a function of registering and collating various biometric recognition information.

Further, the user authentication system 200 can provide a password batch change service to a plurality of business systems. In that case, the user may use the same user ID or different user IDs.

[0056]

As is apparent from the above description, according to the present invention, the password management by the user becomes unnecessary.
In the conventional system, the user had to manage and change the password, but the present invention eliminates the need for password management. If the administrator of the user authentication system manages the password, rather than each user managing the password
The likelihood of the leak is low.

Further, according to the present invention, security in password management of the business system can be enhanced. Since the password information is collectively changed by the password generated by the random number, it is possible to eliminate passwords that are easily guessed by others and passwords that are not changed for a long time, and improve the security of the business system.

Further, according to the present invention, the conventional user I
It can be used together with the D and password authentication methods. For example, if a temporary password entry is required due to a fingerprint reader failure or finger injury, the administrator can set the password individually and notify the user.
The conventional authentication method (authentication by inputting a password) can also be supported.

Further, according to the present invention, it is possible to enhance security even in a business system having a small spec and only password authentication. Therefore, the user can utilize his / her own fingerprint reader even for such a business system.

[Brief description of drawings]

FIG. 1 is a block diagram showing a configuration of a password management system according to an embodiment of the present invention.

FIG. 2 is a block diagram for explaining a password management method according to the first embodiment of the present invention.

FIG. 3 is a block diagram illustrating a password management method according to a second embodiment of the present invention.

FIG. 4 is a flowchart for explaining the overall operation of the password management system in the embodiment of the present invention.

[Explanation of symbols]

100 user terminals 110 fingerprint reader 200 user authentication system 210 User Authentication Database 220 batch password change system 230 Password Individual Change System 300 business system

─────────────────────────────────────────────────── ─── Continued Front Page (51) Int.Cl. ⁷ Identification Code FI Theme Coat (Reference) H04L 9/32 H04L 9/00 673A 673D

Claims (12)

[Claims] 1. A collation user ID and password for logging in from a user terminal to a business server having a first database that manages a user ID and password for permitting login from the user terminal. And a second database that manages the user ID and password for verification, and all the users that are managed by the first database at a predetermined timing. Obtain the ID and
Batch password update for automatically generating a new password corresponding to D by a random number and updating the password managed in the first database and the password managed in the second database to the new password A password management device comprising: 2. When the administrator inputs a new password of a specific user ID, the password of the user ID managed by the first database and the user managed by the second database. 2. The password management device according to claim 1, further comprising individual password changing means for updating the ID password and the new password. 3. The second database registers the collation user ID and biometric information of the user of the user terminal from the user terminal, and the collation user ID and biometric information is registered from the user terminal. The password management device according to claim 1 or 2, wherein a password corresponding to the user ID is output when is input. 4. A business server having a first database managing a user ID and a password for permitting login from a user terminal, and a collation user ID and password for logging in from the user terminal. A password management device for managing and
A password management system having: a password management device, wherein the password management device is managed by the first database at a predetermined timing and a second database that manages the verification user ID and password. Get all the user IDs,
Batch password update for automatically generating a new password corresponding to D by a random number and updating the password managed in the first database and the password managed in the second database to the new password A password management system comprising: 5. The user ID managed by the first database when the password management device inputs a new password of a specific user ID from an administrator.
5. The password management system according to claim 4, further comprising password individual changing means for updating the new password and the password of the user ID managed by the second database to the new password. 6. The second database registers the collation user ID and biometric information of the user of the user terminal from the user terminal, and the collation user ID and biometric information is registered from the user terminal. 6. The password management system according to claim 4, wherein the password corresponding to the user ID is output when is input. 7. A collation user ID and password for logging in from the user terminal to a business server having a first database that manages a user ID and password for permitting login from the user terminal. A password management method for managing and, and a user ID for acquiring all the user IDs managed in the first database at a predetermined timing.
An acquisition step; a new password generation step of automatically generating a new password corresponding to the user ID acquired in the user ID acquisition step using a random number; and a new password generated in the new password generation step, the first password A password batch updating step of updating the password managed in the database and the password managed in the second database managing the collation user ID and password. Password management method. 8. The password of the user ID managed in the first database and the user managed in the second database when a new password of a specific user ID is entered by an administrator. 8. The password management method according to claim 7, further comprising a password individual changing step of updating the ID password and the new password. 9. A biometric information registration step of registering the verification user ID and biometric information of the user of the user terminal from the user terminal to the second database, and the verification user ID from the user terminal. And the biometric information are input, a password extraction step of extracting a password corresponding to the user ID from the second database, the password and the user ID extracted by the password extraction step, and the business server 9. The password management method according to claim 7, further comprising: 10. A user ID and password for collation for logging in from the user terminal to a business server having a first database that manages a user ID and password for permitting login from the user terminal. Is a computer-readable password management program for managing and, and a user ID for acquiring all the user IDs managed in the first database at a predetermined timing.
An acquisition process, a new password generation process for automatically generating a new password corresponding to the user ID acquired by the user ID acquisition process using a random number, and a new password generated by the new password generation process, the first password A password batch update process for updating the password managed in the database and the password managed in the second database that manages the verification user ID and password, and causing the computer to execute: Characteristic computer readable password management program. 11. When the administrator inputs a new password of a specific user ID, the password of the user ID managed in the first database and the second password
11. The computer-readable password management program according to claim 10, further comprising causing the computer to further execute a password individual change process for updating the password of the user ID managed in the database of 1 to the new password. 12. A biometric information registration process of registering the collation user ID and the biometric information of the user of the user terminal from the user terminal to the second database, and the collation user ID from the user terminal. And the biometric information are input, a password extraction process of extracting a password corresponding to the user ID from the second database, the password and the user ID extracted by the password extraction process, and the business server The computer-readable password management program according to claim 10 or 11, further comprising: an access process transmitted to the computer.