JP2008158683A - Authentication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a system performing authentication from a past action history of an authenticated person. <P>SOLUTION: An authentication server displays a period of action history information used as authentication information, and randomly displays each position information of an action history pattern list. The authenticated person reads the period of the action history information displayed on a screen interface, and selects an action history pattern corresponding to each the randomly displayed position information in action order according to a time series. The screen interface is displayed with an address corresponding to the position information such that the authenticated person can perform easy understanding instead of displaying the position information inside the action history information. Therefor, conversion processing from the position information to the address is performed before displaying it on the screen interface. The address corresponding to the information about a position not visited by the authenticated person within a designated period can be also displayed on the screen interface, for example, so as to prevent an accidental hit of false recognition even when another person slapdash performs input. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an authentication device that performs authentication based on location information of a person to be authenticated in the past.

   As an authentication apparatus, a technique of performing authentication based on a password (character string) is generally assumed on the assumption that a character string stored by the person to be authenticated is registered in an authentication system that performs authentication. Instead of using a character string that only an individual knows or does not know as a password, a method of substituting information known only by an individual has been proposed. For example, there is a method of using a picture instead of characters.

Regarding the method for recording the person's position information and storing the position information and date and time to prove the existence of the person or to authenticate that the person was present at the position, the following patent document There is.
JP 2003-157241 A Japanese Patent Application Laid-Open No. 2005-165952

  In the case of an authentication method using a character string such as a password, there is a vulnerability from the viewpoint that it is necessary to set a character string that cannot be forgotten by the individual as a password. When a difficult character string is used as a password, there is a problem that the character string is forgotten, or it is necessary to leave it in a memo, so that leakage due to viewing the memo tends to occur.

  Instead of such a character string, it may be possible to use the person's past position information described in the above-mentioned patent document, but if the position information at a certain point in time is simply used, the information will be There is a problem of lack of confidentiality because it can be clearly known from others.

  An object of the present invention is to improve the confidentiality of authentication when performing simple authentication using position information.

The present invention is characterized in that as information known only to the person himself / herself, position information of a place where the person has been in the past is recorded as an action history, and this is used as an authentication means. The main elements of the present invention are shown below.
(1) Means for collecting and storing personal location information and associated information (2) Means for selecting and organizing information for authentication from the stored location information and accompanying information (3) Means for displaying the arranged position information and accompanying information on the screen, thereby authenticating the individual (4) Instead of the position information of the individual, temporal change of the position information (5) In the above (1) to (4) Instead, the trajectory information

  The present invention is an authentication method that is easy to understand and is not easily leaked by using human past actions as authentication.

  The position information of the person can be acquired by the global positioning system (GPS), and is generally performed in car navigation systems and mobile phone services. There is also a service for notifying other companies and service providers of the location information using a mobile phone and notifying the location of the person.

Before describing embodiments of the present invention, an example of the concept of the present invention will be described below. The following processing is assumed to be performed by an authentication server or any other processing unit in the authentication system described later.
(1) First means for collecting and storing personal location information and information associated therewith This first means comprises a device possessed by an individual and transmitting personal location information, and personal location information. For example, the “personal position” and the date and time when it is collected are periodically stored in the authentication system from the equipment that receives the information.

(2) Second means for selecting and organizing information for authentication from stored position information and accompanying information In this second means, first, the position information is converted into, for example, two-dimensional coordinates. As shown in FIG. 7, grids are arranged as shown in grid-like grids 61a to 61c, 63a to 63c, which are actually described on a map 61 or virtually defined. Here, the positions included in the same cell are determined to be the same position because the positions are close to each other (the distance is short). For example, the positions from c1 to c4 in one area c) in the grid are rounded as the same position. The same applies to d1 and d2. Note that the size of the grid corresponds to the geographical distance. It is preferable that the cells can be appropriately changed. When the movement of the person to be authenticated is small, the area within one cell is narrowed, and when the movement is large, the area within one cell is widened.

If the distance is short, it is necessary to specify the location information for authentication in detail, and the probability of matching even if there is a random input during authentication decreases. For this reason, the degree of authentication that does not authenticate accidentally, that is, the security level of authentication increases, but on the other hand, it is necessary to memorize fine positions when humans input, so usability is often poor. . As described above, the size of the lattice needs to be changed depending on which of safety and usability in authentication is important, and it is preferable that the lattice can be changed. Similarly, regarding the date and time, not only a specific point of time but also a time in a certain time zone may be handled as the same date and time. The position information is classified by a grid and is expressed by the following three variables together with the date / time information.
(x, y) t

Here, x and y are integer values representing the position of the lattice on the two-dimensional xy plane. t is a numerical value representing the date and time. Here, information indicating the relationship between the date and the position is defined as an action history. The action history follows the passage of time and is expressed as follows.
(x1, y1) t1-(x2, y2) t2-(x3, y3) t3-(x4, y4) t4-(x5, y5) t5-(x6, y6) t6 (1)

  Here, the numbers added after each of x, y, and t are numbers indicating, for example, the order related to the time when the action history is acquired in ascending order. A trajectory based on the above equation (1) is defined as an action pattern. Next, the probability of existing at that position is calculated for each certain time period within an arbitrary period. That is, among the action history data already stored in the authentication system database (behavior history memory unit), it has the same time t1 (in this case, the day is different but the time is the same if the time zone is the same). The ratio of the number of data having the same position data (x1, y1) to the total number of data is the probability of the action history.

In addition, when an individual's behavior pattern for a certain day or a certain period is expressed as the following equation (2), the product of the probability of each behavior history is defined as the probability of the individual's position pattern .
Behavior pattern (x1, y1) t1-(x2, y2) t2-(x3, y3) t3-(2)
Probability of action pattern 100% x 99% x 80%-(3)

In addition, you may define the probability of an action pattern as an average of the probability of each action history.
That is, the low probability of the action pattern means that the person to be authenticated has been in a place different from the daily life for the entire day or period. “Action pattern (2)”, “Probability of action pattern (3)”, and the probability of each action history included in the action pattern are arranged as information for authentication. In that information, the behavior pattern of the person is classified into a group with a high probability of behavior pattern, a group with a medium probability, a group with multiple probabilities such as a low probability, and the date and time for each probability. It can be taken out. Also, the probability of each action history can be extracted for each position-time information. Depending on the person to be authenticated, weekday (Monday to Friday, etc.) and weekend (Saturday, Sunday, public holiday, etc.) may show completely different behavior patterns. Thus, behavior patterns, behavior pattern probabilities and individual behavior history probabilities may be accumulated and organized.

(3) Third means for displaying the arranged position information and accompanying information on the screen, thereby authenticating the individual. With this third means, the data of the second means of (2) above is used to arbitrarily Retrieve date and time data. The policy regarding how to retrieve the date and time data is as follows: a) a method of completely specifying the date and time using random numbers, and b) a random number weighted by a ratio previously extracted by the administrator from a group classified by probability. There is a method of taking out. For example, if the probability of being at the company at a certain time is close to 100%, there is a high possibility that the authentication is not useful. On the other hand, for example, since the probability that a company employee is in a sightseeing spot on a weekday is low, there is a high possibility of being useful for authentication. In this case, the level of memory based on the unexpectedness seen by others and the specificity seen by the principal may be particularly useful for authentication. However, for those who know very little about the person, it is unlikely that high-probability data will be fluke, so it is also effective to intermix appropriately high-probability data with moderate data and low data. It is.

  For the person to be authenticated, for example, a plurality of patterns of the relationship between the date and time and the position of the day are shown on the display screen. The person to be authenticated causes the correct answer to be selected from the displayed pattern. The authentication system may be repeated several times instead of once to calculate the correct answer rate. For example, when the correct answer rate is 100%, it is determined that the person to be authenticated is an authorized person. Depending on the requirements of the authentication system, if the correct answer rate is a reasonable level, it is possible to determine that the person to be authenticated is an authorized person. The level at which the correct answer rate is reasonable is, for example, a level at which a one-sided test of the correct answer rate can be performed by a statistical method to determine that the correct answer rate is sufficient.

  The authentication system according to the first embodiment of the present invention will be described below with reference to the drawings. FIG. 1 is a diagram illustrating a configuration example of an authentication system according to the present embodiment. As shown in FIG. 1, the information transmitted from the position information transmission device 2 possessed by the person to be authenticated 1 is subjected to identification processing of the person to be authenticated in the person to be authenticated identification unit 3. The location information transmission device 2 is, for example, a mobile phone, and includes a location information acquisition unit 2a such as a GPS, a transmission unit 2b that transmits data, and a timer 2c for acquiring time information. The information transmitted from the location information transmission device 2 possessed by the person 1 to be authenticated may be sent by the person to be authenticated voluntarily (by some button operation or the like). It is good also as a system which 2 transmits automatically (for example, regularly). Both may be recorded.

  The authentication device A receives the position information from the position information transmission device 2 of the person 1 to be authenticated, and the person to be authenticated 3 for identifying the person to be authenticated and the identification of the person to be authenticated when the identification of the person to be authenticated is completed. It has a time information recording unit 4 that records the time at which position information is received from the position information transmitting device 2 and a position information recording unit 6 that records the acquired position information.

  After recording the time in the time information acquisition unit 4, the position information recording unit 5 records the position information from the information received from the position information transmission device 2 held by the person 1 to be authenticated. As position information at this time, for example, longitude, latitude, altitude, and the like are recorded as coordinates.

  These pieces of information are stored as one entry in the action history memory unit 6. In other words, the action history memory unit 6 stores the person-to-be-authenticated identification information (for example, the ID of the person to be authenticated), action history recording time, and action history position information in pairs. Since the information stored in the action history memory unit 6 can be personal information of the person to be authenticated, it is preferable to perform an encryption process on the information. In addition, as an encryption method, each information of a to-be-authenticated person identification, action history recording time, and action history position information may be individually encrypted, or may be encrypted collectively as one piece of information.

  The authentication server 7 (authentication processing unit) has a function of acquiring encrypted information registered in the action history memory unit 6 and decrypting the acquired information. Encryption improves the security of information exchange. The authentication server 7 is connected to a map generation unit 9 that creates map information based on the position information. Here, the means by which the authentication server 7 communicates with the action history memory unit 6 or the map generation unit 9 includes a wired or wireless communication unit. In addition, the authentication device A is connected to a facility that requires authentication, such as the store 11, the ATM 13, and the facility 15. Each of these facilities is provided with authentication display portions 11a, 13a, and 15a as GUIs to be referred to in the authentication process performed when the person to be authenticated 1 goes out.

  FIG. 2 is a diagram illustrating an example of a screen interface (GUI) provided to the person 1 to be authenticated by the authentication server 7 in the authentication system according to the present embodiment. The display screen example shown in FIG. 2 may be a touch panel method that can be directly designated (input) by the person 1 to be authenticated, or an input method using a keyboard or the like. The authentication server 7 displays the period 21 to 23 of the action history information used as the authentication information, and displays each position information of the action history pattern list at random. In addition, based on the behavior pattern data for a certain period described above, the behavior pattern data is selected such that the probability of the behavior pattern satisfies a predetermined condition (for example, the probability of the behavior pattern is equal to or less than a certain value). It is good also as the periods 21-23 of action history information. The to-be-authenticated person 1 reads the period of the action history information displayed on the screen interface, and selects the action history pattern corresponding to each position information displayed at random in the action order 25 according to the time series. For example, one of the buttons 25a to 25e is pushed in order from the oldest order in the action history pattern. Here, instead of displaying the position information in the action history information, the address 27 corresponding to the position information is displayed on the screen interface shown in FIG. 2 so that the person to be authenticated can easily understand. For this purpose, the address information registered in the address memory unit 8 is searched from the position information, thereby converting the position information into the address 27 before displaying it on the screen interface. The action history memory unit 6 and the address memory unit 8 are not limited to volatile storage devices, and may be nonvolatile storage devices such as hard disks.

  In addition, in order to prevent accidental hits that result in erroneous authentication even if another person has entered appropriately, for example, an address corresponding to location information that the person to be authenticated has not visited within a specified period is also displayed on the screen interface. It can also be displayed. By doing this, the chances of accidental hits are drastically reduced. In addition, in order to assist the authentication work by the person 1 to be authenticated, a function of displaying the map 31 generated by the map generation unit 9 on the screen based on the address or position information may be provided. When one of the buttons 31a to 31e in the row of the map 31 is pressed, the map information 31 of FIG. 3 is displayed. The current position is indicated by reference numeral 41. The scale of this map can be changed. That is, as shown in FIG. 3, it is possible to perform enlargement or reduction by moving the movement key 43a in the scroll bar 43, for example, according to the instruction of the person to be authenticated, and this corresponds to any scale corresponding to this operation. Since a map of the position can be displayed, a more detailed map regarding the position can be obtained.

  Next, processing until the person 1 to be authenticated is personally authenticated by the authentication server 7 will be described with reference to the flowchart of FIG. When the process is started, an authentication procedure is started in step S1, and an inquiry is made to the action history memory unit in step S2 using the authenticated person ID as a key. In step S3, it is determined whether or not there is data corresponding to the person-to-be-authenticated, and if it does not exist (No), the process proceeds to step S4 and authentication fails. If there is a person-to-be-authenticated ID (Yes), the process proceeds to step S5, where there are a plurality of action history entries in the action history memory unit 6 in response to an inquiry of the person to be authenticated by the authentication server 7. (Yes), the action history memory unit 6 sends the oldest time and the newest time to the authentication server 7 from the action history registered in the entry of the authenticated person identifier. This information is referred to as time information of the authenticated person identifier. In step S <b> 6, the authentication server 7 selects an appropriate period from the time information of the person-to-be-authenticated identifier transmitted from the action history memory unit 6. Here, the selection policy for the period selected by the authentication server (the probability of the action pattern, the length of the action period, the freshness / age of the action history information used for verification of the person to be authenticated) is set in the authentication server in advance. It may be left. In step S <b> 7, the authentication server 7 acquires the action history information of the person 1 to be authenticated for the period selected by the authentication server 7 from the action history memory unit 6. The authentication server 7 decodes the encrypted person's action history information acquired from the action history memory unit 6 and arranges the position information using the time information as a key.

  In step S8, the authentication server 7 selects a valid action history as authentication information from the action history information. In the action history information selection method by the authentication server 7, the time information and the position information are investigated from the action history information, and when the difference in the position coordinates is small with respect to the elapsed time, a certain period is put together as one action history. To process. Here, the magnitude of the relationship between the elapsed time determined by the authentication server 7 and the movement distance (difference in position coordinates) is set in advance.

  As described above, the authentication server 7 creates an action history pattern list as authentication information of the person to be authenticated based on the action history information (step S9). Based on this, a GUI as shown in FIG. 2 can be displayed.

  Regarding the determination of success / failure in authentication in relation to the processing of FIG. 4, if the authentication is successful only when all are correct answers, the authentication is not performed no matter how many times the processing is performed if the memory is ambiguous. There is a problem. Therefore, the authentication server 7 investigates whether or not there is a difference between the action history pattern input by the person 1 to be authenticated and the action history pattern expected by the authentication server 7. If there is no difference, the user 1 is authenticated. Here, if the authentication server 7 prepares a plurality of action history patterns of the person 1 to be authenticated, and the person 1 to be authenticated inputs the action history as many times as the prepared pattern, the accuracy of authentication can be further improved. .

  More specifically, processing can be performed as shown in FIG. First, when the process is started (start), in step S11, the period of the action history information used as the authentication information is displayed, and the position information of the action history pattern list is randomly displayed. Next, in step S12, a time-series order selection regarding each of the position information displayed at random is accepted. In step S13, a difference Δ between the accepted history pattern and the correct answer is detected. The difference may be a correct answer rate, or three or more similar orders may be regarded as correct answers.

  Next, in step S14, it is determined whether or not the difference Δ is not more than a certain threshold value. If it is below a certain threshold value (YES), the process proceeds to step S16 and the authentication is successful. If the difference Δ exceeds a certain threshold value, the process proceeds to step S15 and authentication fails.

  Further, for example, the authentication may be set to be successful if Δ is below a threshold value between three tries.

  As described above, according to the authentication system according to the present embodiment, authentication is performed based on the position information and time information, and therefore the probability of flickering in authentication is reduced. In addition, it is possible to automatically perform a process equivalent to a password update without particularly renewing the password.

  Next, an authentication system according to a second embodiment of the present invention will be described with reference to the drawings. FIG. 6 is a diagram corresponding to FIG. 2 and illustrates an example of a GUI at the time of authentication. A GUI 51 shown in FIG. 6 is a diagram showing a map including all positions 1) to 5) based on position information and buttons 53 (53a to 53e) for inputting the order from 1) to 5). . The GUI shown in FIG. 6 can also be created from the same information as in the first embodiment. Here, the person to be authenticated can input the button 53 while looking at the map in the order of the position where he / she stopped.

  According to the present embodiment, while looking at the map and the position written in it, the position that stopped in order is selected, so it is easy to make a visual decision at the time of authentication, and the authentication process is easier. There is an advantage that can be done. In addition, it is also possible to use the locus | trajectory of several points as an option. That is, a plurality of displays in which the order of the trajectories of a plurality of points is changed may be prepared, and the user may be allowed to select the correct answer from among them.

  It should be noted that, for example, when a person's action history for a certain period, for example, one week, is compared with one week's action history from the previous week, It may be removed. In other words, data that repeats being at the same position periodically can be excluded from the object of authentication, and the action history that anyone knows can be excluded to improve the accuracy of authentication.

  The present invention can be used for an authentication system.

It is a figure which shows one structural example of the authentication system by embodiment of this invention. It is a figure which shows an example of the screen interface (GUI) which the authentication server in the authentication system by this Embodiment provides to a to-be-authenticated person. It is a figure which shows the example of a display of map information. It has a bar that can change the scale of the map. It is a flowchart figure which shows a process until a to-be-authenticated person is personally authenticated by the authentication server. It is a figure which shows the modification of FIG. It is a system by the 2nd Embodiment of this invention, Comprising: It is a figure corresponding to FIG. 2, and is a figure which shows an example of GUI at the time of authentication. FIG. 6 is a diagram in which position information is converted into two-dimensional coordinates, and a map 61 and grid-like cells actually described or virtually defined on the map are arranged.

Explanation of symbols

A ... Authentication system, 1 ... Authenticated person, 2 ... Location information transmitting device, 3 ... Authenticated person identification unit, 4 ... Time information recording unit, 5 ... Position information recording unit, 6 ... Action history memory unit, 7 ... Authentication Server: 8 ... Address memory unit, 9 ... Map generation unit, 11 ... Store, 11a ... Authentication display unit, 13 ... ATM, 15 ... Facility.

Claims (7)

An ID of the person to be authenticated is obtained from the position information transmission terminal, and the person to be authenticated is identified based on the ID;
A time information recording unit that records time information when the ID is acquired and a location information recording unit that records location information acquired from the location information transmission terminal when authenticated by the person-to-be-authenticated identification unit;
Based on position-time information that is a combination of the position information and the time information, an action history memory unit that stores an action history of the authenticated person specified by the ID;
A map generator that stores map information and generates a map;
An authentication system comprising: an authentication processing unit that displays a plurality of the position-time information of the person to be authenticated specified by the ID and prompts input regarding the order of the position-time information.   The action history memory unit stores the adjacent area or the time as the same when at least one of the area in the position information or the time in the time information is close. The authentication system according to claim 1.   The display based on the position-time information includes a map, a plurality of positions based on the action history on the map, and an interface capable of designating an order for each of the positions. The authentication system according to claim 1 or 2.   The display based on the position-time information includes a plurality of address displays and an interface capable of designating an order for each of the plurality of address displays. Authentication system. The action history memory unit calculates the probability that the person to be authenticated is in the place as the probability of the action history in a certain time period as a result of performing the aggregation processing of the position for each date and time from the record of the action history. Statistical data is stored in advance,
5. The display based on the position-time information is selected and displayed from the position-time information in which the probability of the action history is within a predetermined range. The authentication system described in. The behavior history memory unit stores statistical data calculated in advance as the probability of the behavior pattern, which is the product or average of the probability of the behavior history included in the behavior history set over a certain period,
6. The authentication according to claim 5, wherein the display based on the position-time information is selected and displayed from position-time information included in an action pattern having a probability of the action pattern within a predetermined range. system.   The authentication processing unit determines a date and a position at which the input date and time and the action history of the person to be authenticated match, accepts a result input by the person to be authenticated, and an input that matches The authentication system according to any one of claims 1 to 6, wherein a correct answer rate is calculated on the basis of the number of actions and an action history, and authentication is performed based on the level of the correct answer rate.

Images