JP2003141079A - Password authentication method and password authentication program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an authentication method capable of eliminating an illicit authentication while ensuring the convenience of users. SOLUTION: This password authentication system for a password authentication system for requesting a password input again in the input of a wrong password comprises a step in which the password authentication system requests the password group input of the frequency according to an input request number K set to a number of 1 or more for authentication; a step in which the password authentication system requests the password group input of the frequency according to the input request number K again for authentication when the wrong password is included in the inputted password group; and a step in which the password authentication system increases the input request number K when the mistake of password group input is performed in the frequency according to a mistake permitting number Xmax set to a number of 1 or more.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a password authentication method and password authentication program.

[0002]

2. Description of the Related Art Generally, a password such as a personal identification number is required when using a cash card or a credit card or when accessing a computer network. In the case of a cash card, if the password is incorrectly entered three times, the card is often automatically disabled. Therefore, the owner of the card
It is necessary to go to the counter of the bank etc. and perform the procedure to enable the card.

Further, if the password required for accessing the network etc. is mistaken several times,
The user's account may be locked and you may not be able to enter the network unless the system administrator unlocks it.

[0004]

However, in recent years, since individuals have a large number of cards, the personal identification number of the card is also large, and it is easy to make a mistake in the personal identification number about three times. It can happen. Also, regarding the passwords for networks and the like, due to the spread of the Internet, there are various situations where passwords are required, and one person has a large number of passwords. Therefore, like the personal identification number of the card, it is easy to mistake the password several times.

In such a situation, if the number of times that the password or password is incorrectly entered is small, the card or network is often unusable. Whenever it becomes unusable, it is necessary to request a bank counter or network administrator for work to enable it, which reduces the convenience of the user.

On the other hand, in order to improve the convenience of the user, it is only necessary to increase the number of times the password is allowed even if it is wrong. However, simply increasing the number of tolerated errors increases the chances of an unauthorized user of the card or an attempted unauthorized access to the network finding the correct password. Therefore, the problem of card misuse occurs, or the risk of unauthorized use of the network or information leakage from the computer system increases. In particular, allowing an unlimited number of password entries reduces the security of the software for finding passwords.

The present invention has been made in view of the above problems, and an object of the present invention is to provide an authentication method capable of eliminating unauthorized authentication while ensuring user convenience.

[0008]

In order to achieve the above object, the present invention employs the following technical means. That is,
The present invention provides a password authentication method in a password authentication system that requires a password to be input again when an incorrect password is input, wherein the password group input is performed a number of times corresponding to an input request count K set to a number of 1 or more. When the password authentication system requires a step for authentication and the entered password group includes an incorrect password, the password authentication system again inputs the password group a number of times corresponding to the number K of input requests. A step of requesting for authentication, and a step of increasing the number of input requests by the password authentication system when an error in inputting the password group is made a number of times according to an error permission number set to 1 or more. And are included.

According to the present invention, at the beginning of inputting a password, a group of passwords (for example, 1) corresponding to the number of input requests (for example, one password if K is 1) is correctly authenticated. . However, if the password input person inputs an incorrect password group, the password group is required to be input again. Then, the number of mistakes in inputting the password group is the number of times (for example, 3 times) according to the number of permitted errors
When performed, the number of input requests is increased (for example, changed from 1 to 2).

Therefore, the password input person is not authenticated unless the password group is input correctly (2 in this case) according to the increased number of input requests. However,
If the person who knows the password simply forgets the password and makes a mistake, and if he / she remembers the correct password, no matter what the number of input requests K, the correct password is input the number of times corresponding to the number of input requests. It's easy to do.

No matter how many times the password is entered incorrectly, the number of input requests will only increase, and the increase in the number of input requests will not be a burden to those who remember the correct password. In addition, since the number of input requests does not increase until the number of times corresponding to the number of error permits, the number of input requests does not increase and the convenience can be maintained for a person who immediately remembers the correct password. From this point of view, it is preferable that the number of error permits is 2 or more.

[0012] On the other hand, if a person who attempts unauthorized authentication makes a mistake in the password by exceeding the allowable number of mistakes, the number of input requests increases, so that the burden of properly trying to enter the password increases, resulting in unauthorized authentication. The deterrent effect increases. In addition,
The increase in the number of input requests may be a fixed increase,
Safety is improved by increasing the value randomly.

Further, according to the present invention, after the number of input requests is increased, if the number of input errors of the password group is made a number of times corresponding to the number of error permits, the password authentication system changes the number of input requests. It is preferable to include By changing the number of input requests one after another according to the number of times the password is entered incorrectly, the security is further enhanced.
In particular, with respect to a tool for finding out a password by software, it becomes difficult to keep track of the current number of input requests, so that the security is improved. The number of input requests may be changed by increasing or decreasing by a fixed number, but the safety is enhanced by using a random value as the changed value.

Further, in the present invention, it is preferable to include a step of changing the error permission number when increasing or changing the input request number K. Since the frequency with which the number of input requests is changed also changes by changing the number of error approvals, it becomes difficult to grasp the current number K of input requests, and safety is further enhanced. In particular, with respect to a tool for finding out a password by software, it becomes difficult to grasp the current number K of input requests, so that the security is improved. It should be noted that the number of error approvals may be changed by increasing or decreasing by a certain number, but the random value is used as the change value to enhance the safety.

Further, in the present invention, the password authentication system receives the instruction to end the password input from the password input person, or the input request count K.
It is preferable to include the step of terminating the password input when the number is increased or changed a predetermined number of times or more.

By making it possible to accept an instruction for ending the password input, the password input can be voluntarily ended when the correct password cannot be remembered. If the number of input requests K is increased or changed a predetermined number of times or more, it can be considered that the correct password is completely forgotten or is in a misused state, so the password input must be forcibly terminated. Therefore, illegal authentication can be eliminated.

Furthermore, the present invention is configured as a program for causing a computer to execute the password authentication method. In the present invention, "password"
Is intended to include a "personal identification number".

[0018]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the drawings. The password authentication method according to the present invention is performed by a password authentication system having a computer program that executes the processes shown in the flowcharts of FIGS. 1 and 2. In the flowchart of FIG. 1, first, initial setting S1 is performed. In this initial setting S1, the input order I is set to primary. The input order I is an order that increases every time a wrong password is entered.

Further, in the initial setting S1, the number K of input requests and the number Xmax of allowable errors are set. Here, as an example, the input request count K is 1 and the error permission count Xmax is 3.
Is set (see FIG. 3). The input request count K is the number of password inputs required by the password authentication system for authentication. Therefore, if the number K of input requests is 1, the user is authenticated if the correct password is input once, and if the number K of input requests is 2, the user is not authenticated unless the correct password is input twice. Note that a set of passwords corresponding to the number K of input requests is called a password group.

The allowable error number Xmax is a value indicating how many times the password group can be mistakenly input in one input order, and the allowable error number Xma.
If x is 3, in the state of “input order: primary”,
You can make a mistake in entering the password group up to three times. Further, the error permission number is also a criterion for increasing the input order I, and if the error permission number Xmax is 3, if the password group input is incorrect three times in the “input order: primary” state, “input Order: Secondary ”.

Further, in the initial setting S1, the ending order M is also set. Here, as an example, the end order M is set to 4. The end order M is an order for forcibly ending the processing, and when the input order I increases to the processing order M, the processing is forcibly ended. When the end order M is increased, the number of times the password can be input is increased, and when the end order M is decreased, the number of times the password can be input is decreased. Therefore, the end order M may be appropriately determined in consideration of the safety of the system and the convenience of the user. The end order M does not have to be set.

The password is input in the password group input step S10. In this step S10, the authentication system requests the password input from the password input person (step S11), and when the password is input, counts the password input count J (step S12). Enter the password J times
Are requested until the number of input requests reaches K (step S1).
3). That is, one password group input step S1
In 0, the password input person must input the number of passwords (password group) corresponding to the number K of input requests. Here, the number K of input requests is 1, so if one password is input, the password group input step S
10 ends.

After the password group input step S10, an authentication step S20 is performed. This authentication step S20
Is determined by whether or not all the entered password groups (K passwords) are correct. If all the passwords forming the password group are correct, the authentication is established and the process can proceed to the next process.

On the other hand, when the passwords forming the password group include an incorrect password, the error number processing step S30 is performed as shown in FIG.
In the error number processing step S30, if the input password group is not correct, the error number X is counted (step S31). When the number of errors X is smaller than the number of allowed errors Xmax (step S32), the password group input step S10 and the authentication step S20 are executed again. When re-executing the password group input step S10 to request the password group to be re-entered, a message prompting the user to re-enter the password, such as "The password (password) is incorrect. Please try again" is displayed. .

When the number of mistakes X is equal to the number of permitted mistakes Xmax by mistakenly inputting the password group several times,
The end instruction step S40 is executed. In the end instruction step S40, a message such as “I have made a mistake in the password for X times in succession. Do you want to continue processing?” Is displayed, and the password input person is prompted to input an instruction to end or continue the processing. If the instruction to end the password input is accepted, the process ends. At the end of the process, subsequent authentication is disabled.

When the instruction to continue the process is received, the step S50 for changing the input order I or the like is executed. In the change processing step S50, the input order I is increased by "1". That is, the input order I changes from "first order" to "second order". Furthermore, the input request count K and the error permission count Xmax are changed.

As shown in FIG. 3, in the "input order: quadratic", the input request number K and the error permission number Xmax are increased by 1, and the input request number K is 2 and the error permission number Xmax is 4. Become. Here, the number of input requests K is changed by one each time the change processing step S50 is executed, but it may be increased by two or a random numerical value. May be.

The change in the number of input requests K increases the input load in accordance with the increase in the input order, and therefore, it is preferable to change the increase.
When the input order changes from the primary order to the secondary order, it is preferable to increase the input request count K. However, when the input order I increases to a third order or higher, the software for finding out the password may make it difficult to grasp the number K of input requests, and the decrease and increase of the number K of input requests may be repeated. Further, by changing the input request count K with a random numerical value, it is possible to make it difficult for the software for finding out the password to grasp the input request count K.

Further, here, the change of the allowable error number Xmax is incremented by 1 each time the change processing step S50 is executed, but it may be changed by a random numerical value or decreased. You may repeat the increase. By changing the error allowance number Xmax, the change cycle of the input request number changes, and it becomes difficult for the software that finds the current input request number K to know the current input request number K.

In addition to the above-mentioned change in the number of input requests, it becomes very difficult for the software for finding out the password to grasp the current number K of input requests. If the number K of input requests cannot be grasped, it becomes impossible to know how many times a correct password is entered to authenticate, and the probability of unauthorized authentication succeeding is extremely low, and safety is enhanced. It should be noted that some degree of safety can be secured without changing the number of error permits Xmax.

After the change processing step S50, an end processing step S60 is performed. This end processing step S
At 60, it is determined whether or not the input order I becomes the end order M. If the input degree I has not reached the end degree M, the password group input step S10 is executed again. When the input degree I increases and reaches the end degree M, the password input process is forcibly terminated. At the end of the process, subsequent authentication is disabled.

When the input order I increases from the first order to the second order, the order does not reach the end order M (= 4).
The password group input step S10 displays “input order: 2
Next ”,“ Input request count K = 2 ”,“ Error allowance count Xmax ”
= 4 ”(see FIG. 3).

That is, in the "input order: secondary", in the password group input step S10, the password input (step S11) is repeated twice, and two passwords are required to be input as the password group input. Therefore, unless the correct password is entered twice in succession, the user is not authenticated (step S20). When requesting the input of two or more passwords in step S10, it is preferable to display a message prompting re-input such as "Please input again for confirmation".

In "Input order: secondary", the password group can be entered up to four times (step S3).
0) If the password group input is incorrect four times and the password input person does not finish the process, the input order shifts from the second order to the third order. Then, the number of input requests K = 3 and the number of allowable errors Xmax = 5 are changed.

That is, in the "input order: tertiary", the password input (step S11) is repeated three times in the password group input step S10, and three passwords are required as the password group input. Therefore, if you do not enter the correct password three times in a row,
It is not authenticated (step S20). In addition, the password group input can be entered up to five times (step S3).
0).

When the password group input is wrong 5 times in the "input order: third order", the input order shifts from the third order to the fourth order. Since the fourth order is equal to the end order M, the process ends (step S60).

As described above, in the present embodiment, at the beginning of the password input (when the input order is the first order), the authentication succeeds if the correct password is entered once, whereas the input order is the second order or later. In this case, you will be required to enter multiple passwords consecutively.

Here, conventional card-using devices such as cash cards and credit cards (automatic cash dispensers, etc.)
Then, if a correct password (personal identification number) is entered once, the user is authenticated, and if the password is entered three times incorrectly, the card is often unusable. In the present embodiment, the “input order: 1
Next input request count K = 1 and error permission count Xma
The value of x = 3 is consistent with the conventional card-using device, and if it is an error up to three times, the input method is the same as that of the conventional card-using device, which may be confusing to the card user. Less convenience is ensured.

Further, according to the present invention, even if the user makes a mistake in entering the password three times or more, it is possible to input the password again. Therefore, there is an opportunity to remember the correct password while inputting the password several times. Will increase. Then, if you remember the correct password, you can input the correct password as many times as required (step S
10) Then, you are authenticated. For those who remember the correct password, entering the password several times is extremely easy. Further, since there are many occasions where the password can be re-entered, the possibility that the card will become unusable is low, and the processing at the counter such as a bank can be reduced.

On the other hand, for a person who attempts to illegally use the card, the number of password input requests K increases as the number of mistakes increases. Therefore, many passwords must be input, which is a deterrent against illegal use of the card. Become. Then, if the input order I reaches the end order M by mistakenly inputting the password again and again, it is considered that the password has been completely forgotten or the password has been illegally used. By doing so, it is better to prohibit the use of the card.

Further, the authentication method of the present invention can be applied to a computer operating system, a computer network, a computer BIOS, and the like. In the present invention, the number K of input requests is changed according to the number of mistakes, so it is difficult to grasp the number K of input requests depending on the tool for finding out the password by software, and the security for such a tool is improved.

Furthermore, the authentication method of the present invention is applicable to a safe, a house,
Alternatively, it can be applied to a password authentication system for a vehicle such as a password authentication system for unlocking a lock device in a room, a lock for starting a door of a car or an engine, and a lock for operations related to operations of the car.

Further, by using the authentication method of the present invention in combination with the authentication method using an eyeball or a fingerprint, a high level of security can be established. The present invention is not limited to the above embodiment.

[0044]

According to the present invention, the number of input requests increases when the password is entered incorrectly several times. The increase in the number of input requests will not be a burden to those who remember the correct password, but for those who try to authenticate illegally, if the password is incorrect, the number of input requests will increase and the input will become difficult, resulting in incorrect authentication. The effect of deterring Therefore, an unauthorized user can be eliminated, so that the password can be re-input relatively many times, and a legitimate user can frequently input the password many times, which improves convenience.

[Brief description of drawings]

FIG. 1 is a flowchart showing the first half of an authentication method of the present invention.

FIG. 2 is a flowchart showing the latter half of the authentication method of the present invention.

FIG. 3 is a table showing an example of changes in the number of input requests and the number of error approvals accompanying a change in the input order.

[Explanation of symbols]

S10 Password group input step S20 authentication step S30 Error count processing step S40 end instruction step S50 change processing step S60 End processing step

Claims (5)

[Claims] 1. A password authentication method in a password authentication system that requires a password to be entered again when an incorrect password is entered, wherein the password group input is performed a number of times corresponding to the number of input requests set to 1 or more. When the password authentication system requires the steps for authentication and the entered password group contains an incorrect password, the password authentication system authenticates the password group input the number of times corresponding to the number of input requests again. The password authentication system increases the number of input requests when the password group input error is made a number of times according to the number of error permissions set to one or more, A password authentication method comprising: 2. The password authentication system includes a step of changing the number of input requests when the number of input passwords K is further increased after the number of input requests K is increased and the number of input errors is made a number of times corresponding to the number of error permits. The password authentication method according to claim 1, wherein: 3. When increasing or changing the number of input requests,
3. The password authentication method according to claim 1, further comprising a step of changing the number of permitted errors. 4. The password authentication system terminates password input when an instruction to terminate password input is received from a password input person or when the number of input requests is increased or changed a predetermined number of times or more. The password authentication method according to claim 1, further comprising a step. 5. A program for causing a computer to execute the password authentication method according to any one of claims 1 to 4.