JP2015148952A - Information processor and information processing program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To eliminate the trouble of re-entering authentication information even when the intention of inputting correctly is regarded as an erroneous input in an authentication process in which authentication information is input via hardware other than a hardware keyboard. Provide the device. An information processing apparatus 10 includes an authentication information acquisition unit 22 that acquires a password generated based on touch coordinate data output from a touch panel 11, and a verification information storage unit 26 that stores a verification password. , The validity calculation unit 24 that calculates the accuracy value N indicating how appropriate the verification password is for the acquired password, and if the accuracy value N is equal to or higher than the predetermined threshold th1, the user is authenticated. The user authentication unit 25 is included. [Selection diagram] Fig. 1

Description

  The present invention relates to an information processing apparatus and an information processing program.

  In a login system that prompts a user who requests the use of an information processing apparatus such as a computer to input a password, and authenticates the user as a valid user when the input password matches a pre-registered password Even if it is a legitimate user, when entering the password, the user may make a mistake in entering the key, such as entering the key next to the key that is supposed to be entered. .

  In such a case, the user must input the password again from the beginning, which is very troublesome. Conventionally, in a login system, when a wrong password is input for a predetermined number of times, it is configured not to accept an operation for login thereafter. Regardless, if you accidentally make keystrokes accidentally, you will not be able to log in.

  Therefore, for example, Patent Document 1 discloses a technique for solving such a problem. The password input system disclosed in Patent Document 1 registers in advance information about how many key input mistakes are made and regards the input illegal password as a valid password. When entered, if there is a key entry mistake corresponding to a rule registered in advance, the entered unauthorized password is regarded as a valid password and login is permitted.

JP 2003-30147 A

  In the password input system disclosed in Patent Document 1, it is assumed that a password is key-input using a hardware keyboard. As a pattern for permitting erroneous input of a password, it is adjacent to both sides of the key to be originally input. When a certain key is input, when a key on both sides of the key that was originally intended to be input and above and below is input, a case where a small letter is input for an uppercase letter, a case where a capital letter is input for a lowercase letter, and the like are registered in advance.

  However, the password input method is not limited to the hardware keyboard. For example, in an information processing apparatus such as a smartphone or a tablet PC (Personal Computer), it is assumed that a password is input by handwritten characters or voice input on the touch panel. No consideration is given to input mistakes that may occur when inputting a password by this method.

  An information processing system including a client device operated by a user to input authentication information and a server device that executes processing for authenticating the user based on the input authentication information is described in Patent Document 1. If the proposed technology is to be applied, it must be applied to the server device that executes the authentication process. However, in order to apply the technology to a system on the server device side that has already been constructed, a high correction cost is required.

  The first object of the present invention is to bother re-entry of authentication information even when it is assumed that the correct input is regarded as an erroneous input in the authentication processing in which the authentication information is input via hardware other than the hardware keyboard. It is to provide an information processing apparatus and an information processing program that can solve the problem.

  A second object of the present invention is to provide an authentication information error in an information processing system including an information processing apparatus operated by a user to input authentication information and an authentication apparatus for executing processing for authenticating the user. An object of the present invention is to provide an information processing apparatus and an information processing program that can eliminate the troublesomeness of re-input of authentication information by input at low cost.

The present invention includes an authentication information acquisition unit that acquires authentication information generated based on input information output from an input device;
A collation information storage unit that stores pre-registered collation information used to authenticate a user;
A validity calculating unit that calculates a value indicating how appropriate the authentication information is with respect to the verification information;
The information processing apparatus includes a user authentication unit that authenticates a user when the value calculated by the validity calculation unit satisfies a predetermined condition.

The present invention also includes an authentication information acquisition unit that acquires authentication information generated based on input information output from an input device;
A collation information storage unit that stores pre-registered collation information used to authenticate a user;
A validity calculating unit that calculates a value indicating how appropriate the authentication information is with respect to the verification information;
An authentication failure frequency storage unit that stores the number of times authentication has failed continuously;
An allowable reference value storage unit that stores an allowable reference value for determination that allows the number of authentication failures; and
A user authentication unit that authenticates a user when the number of authentication failures is a value that is allowed in comparison with the allowable reference value and the authentication information and the verification information match;
An information processing apparatus comprising: a number adjusting unit that increases or decreases the number of authentication failures or the allowable reference value depending on whether a value calculated by the validity calculating unit satisfies a predetermined condition; It is.

Further, the present invention is an information processing apparatus capable of communicating with an authentication apparatus that authenticates a user based on authentication information transmitted from an external apparatus,
An authentication information acquisition unit for acquiring authentication information generated based on input information output from an input device used to input authentication information;
A collation information storage unit that stores pre-registered collation information used to authenticate a user;
A validity calculating unit that calculates a value indicating how appropriate the authentication information is with respect to the verification information;
And a transmitter that transmits the verification information used for verification to the authentication device as authentication information when the value calculated by the validity calculation unit satisfies a predetermined condition. It is a processing device.

Further, in the present invention, the authentication information and the verification information are each information composed of character strings,
For each constituent character constituting the collation information, a plurality of candidate characters are stored in association with each other, and each candidate character and a value for evaluating the validity of the candidate character with respect to the corresponding constituent character are calculated. A candidate character storage unit for storing the parameters to be used in association with each other;
The validity calculating unit calculates a value indicating how appropriate the authentication information is with respect to the verification information based on a parameter corresponding to each character constituting the authentication information.

The present invention also provides a storage unit that can communicate with an authentication device that authenticates a user using authentication information transmitted from an external device, and stores pre-registered verification information used to authenticate the user. An information processing program for sending authentication information to the authentication device by a computer provided in the information processing device comprising:
In the computer,
Obtaining authentication information generated based on input information output from the input device;
Calculating a value indicating how appropriate the authentication information is with respect to the verification information;
When the calculated value satisfies a predetermined condition, the information processing program is configured to execute a step of transmitting the verification information used for verification as authentication information to the authentication device.

  According to the present invention, in the authentication process in which the authentication information is input via hardware other than the hardware keyboard, even if the authentication information is intended to be input correctly, but the input authentication information is considered to be incorrect, The troublesomeness of inputting authentication information again can be eliminated.

  According to the present invention, in an information processing system including an information processing apparatus operated by a user to input authentication information and an authentication apparatus for executing processing for authenticating the user, authentication information due to erroneous input of authentication information. The troublesome re-input can be eliminated at low cost.

1 is a block diagram schematically showing the configuration of an information processing apparatus 10 according to a first embodiment of the present invention. It is a figure which shows an example of the candidate character table T stored in the candidate character memory | storage part 27. FIG. It is a flowchart which shows the process sequence of the authentication process performed in the information processing apparatus 10 which concerns on the 1st Embodiment of this invention. It is a block diagram showing roughly the composition of information processor 10A concerning a 2nd embodiment of the present invention. It is a block diagram showing roughly the composition of information processor 10B concerning a 3rd embodiment of the present invention. It is a block diagram showing roughly the composition of information processor 10C concerning a 4th embodiment of the present invention. It is a figure which shows an example of the software keyboard 40 displayed on a password input screen. It is a figure which shows roughly the structure of the information processing system 100 provided with information processing apparatus 10D which concerns on the 5th Embodiment of this invention. It is a figure which shows schematically the structure of 100 A of information processing systems provided with the information processing apparatus 10E which concerns on the 6th Embodiment of this invention.

(First embodiment)
FIG. 1 is a block diagram schematically showing the configuration of the information processing apparatus 10 according to the first embodiment of the present invention. The information processing apparatus 10 has an authentication function for confirming whether a user who requests use of the apparatus itself or a user who requests use of a specific function installed in the apparatus is a valid user. Realized by the information equipment. Such an information processing apparatus 10 can be realized by, for example, a smartphone, a tablet PC (Personal Computer), a digital multifunction peripheral, or the like.

  The information processing apparatus 10 according to the present embodiment includes a touch panel 11 and a display (not shown), and the touch panel 11 functions as an input device used to input authentication information for authenticating that the user is a valid user. To do. The touch panel 11 detects the coordinates of the touch position on the display surface when the user touches the display surface of the image on the display with a finger or a stylus, and the detected coordinate data (hereinafter referred to as “touch coordinates”). Data ”) is output to the control device 12 as input information.

  On the other hand, the display receives image data from the control device 12 and displays an image corresponding to the received image data on the display surface. The display is realized by a display device such as a liquid crystal display device or an organic EL (Electro-Luminescence) display device.

  The touch panel 11 and the display provide an interactive operation interface for the user. The touch panel 11 may be any type such as a resistive film method, a surface acoustic wave method, an infrared method, an electromagnetic induction method, and a capacitance method.

  The information processing apparatus 10 according to the present embodiment is equipped with a handwritten character recognition function for recognizing characters input by handwriting on the touch panel 11, and is based on a password formed by a character string input by handwriting on the touch panel 11. Assume that authentication processing is executed. In the present embodiment, the password corresponds to the authentication information.

  The information processing apparatus 10 includes a control device 12 and a storage device 13 in addition to the touch panel 11, and the control device 12 includes an authentication information generation unit 21 and an authentication information acquisition unit 22 as illustrated in FIG. , Function as a determination unit 23, a validity calculation unit 24, and a user authentication unit 25. The storage device 13 functions as a collation information storage unit 26 and a candidate character storage unit 27.

  The control device 12 is realized by, for example, a CPU (Central Processing Unit) and functions as the above-described units 21 to 25 by executing an information processing program for authentication processing that is stored in the storage device 13.

  The storage device 13 is realized by, for example, a flash ROM (Read Only Memory) and an HDD (Hard Disk Drive), and stores the information processing program in advance.

  The control device 12 may be realized by a dedicated integrated circuit such as an FPGA (Field Programmable Gate Array) and an ASIC (Application Specific Integrated Circuit).

  The authentication information generation unit 21 acquires touch coordinate data (input information) output from the touch panel 11 and is input by handwriting on the touch panel 11 by a known handwritten character recognition technique based on the touch coordinate data. Recognize characters. Then, the authentication information generation unit 21 passes a character string including the recognized characters to the authentication information acquisition unit 22 as a password input by the user. When the authentication information acquisition unit 22 receives the password input by the user from the authentication information generation unit 21, the authentication information acquisition unit 22 passes the received password to the determination unit 23.

  The collation information storage unit 26 stores a pre-registered collation password used for authenticating that the user is a valid user. In the present embodiment, this verification password corresponds to verification information.

  When the determination unit 23 receives the password input by the user from the authentication information acquisition unit 22, the determination unit 23 extracts the verification password from the verification information storage unit 26. Then, the determination unit 23 determines whether or not the password input by the user matches the verification password extracted from the verification information storage unit 26. If they match, the user authentication unit 25 is notified that they match, and if they do not match, the password input by the user to the validity calculation unit 24 give.

  The validity calculation unit 24 refers to a candidate character table T, which will be described later, stored in the candidate character storage unit 27, and how appropriate the password input by the user is with respect to the password for verification. That is, the accuracy value N indicating the degree of legitimacy is calculated, and the calculated accuracy value N is passed to the user authentication unit 25. A method of calculating the accuracy value N will be described later.

  If the determination unit 23 notifies that the password input by the user matches the verification password, the user authentication unit 25 determines that the user who has input the password is a valid user. Certify.

  In addition, when the user authentication unit 25 receives the accuracy value N from the validity calculation unit 24, the password entered by the user if the received accuracy value N satisfies a preset condition. And the password for verification match, and the user who entered the password is authenticated as a valid user.

  When such authentication processing is performed for a user who requests use of the information processing apparatus 10 itself, the user authentication unit 25 authenticates the user as a valid user, thereby Can be used. Further, when the authentication process is performed for a user who requests use of a specific function installed in the information processing apparatus 10, the user authentication unit 25 authenticates the user as a valid user. Thus, the specific function can be used.

  Here, a method of calculating the accuracy value N will be described. FIG. 2 is a diagram illustrating an example of the candidate character table T stored in the candidate character storage unit 27. In the candidate character table T, a plurality of candidate characters are stored in association with each character constituting the password for verification (hereinafter referred to as “constituent character”). Parameters for evaluating the validity of the candidate character with respect to the constituent characters are stored in association with each other. The candidate character table T is created in advance and stored in the candidate character storage unit 27.

  The candidate character is a candidate for a character that is easily recognized by handwriting recognition when a constituent character is input by handwriting on the touch panel 11, and is statistically erroneously recognized in the candidate character table T. A parameter for determining that a candidate character that is more likely to be processed is more legitimate with respect to a constituent character. In the example of FIG. 2, a parameter with a smaller value is assigned to a candidate character that is statistically erroneously recognized. The parameter is a numerical value of 0 or more.

  FIG. 2 illustrates the candidate character table T when the password for verification is the character string “1234”. For example, looking at the constituent character “1”, the candidate characters “l”, “i”, “)”,... ”Is given 5 points as a parameter, and in the following order, the candidate character“ i ”has 10 points as a parameter, and the candidate character“ Has been granted. Also, the constituent character “1” itself is given 0 points as a parameter.

  When a legitimate user manually inputs the character string “1234” as a password using the candidate character table T shown in FIG. 2, the password input by the user by the authentication information generation unit 21 is changed to the character string “1234”. A case where it is recognized as “1Z 4” will be described as an example.

  In this case, since the verification password “1234” does not match the input password “1Z 4”, the determination unit 23 passes the input password “1Z 4” to the validity calculation unit 24. . When the correctness calculating unit 24 receives the input password “1Z 4” from the determination unit 23, each of the characters “1”, “Z”, “ With regard to “ro” and “4”, the parameter is obtained by referring to the candidate character table T.

  In the example of FIG. 2, since the characters “1” and “4” all match the constituent characters, the parameter is determined to be 0 points. Further, the character “Z” is obtained with a parameter of 5 points, and the character “RO” is obtained with a parameter of 10 points.

  Then, the correctness calculation unit 24 calculates the accuracy value N by subtracting the parameter corresponding to each constituent character from 100 points which are reference points. That is, in this case, the accuracy value N is a maximum of 100 points, and the greater the calculated numerical value, the higher the degree of legitimacy of the input password with respect to the verification password. In the above example, the accuracy value N is calculated as 85 points (= 100-0-5-10-0).

  When the accuracy value N is calculated in this way, the validity calculation unit 24 passes the calculated accuracy value N to the user authentication unit 25. The user authentication unit 25 determines whether or not the accuracy value N received from the validity calculation unit 24 satisfies a predetermined condition. Here, the user authentication unit 25 compares the accuracy value N with a preset threshold th1 and determines whether the accuracy value N satisfies the condition of N ≧ th1. If it is determined that the condition of N ≧ th1 is satisfied, the input password and the verification password are regarded as matching, and the user is authenticated.

  This threshold value th1 is the same as the input password and the verification password if the accuracy value N satisfies the condition of N ≧ th1, depending on the number of characters of the verification password, the parameters associated with the candidate characters, and the like. The password is appropriately set to a value that does not cause a problem even if it is assumed that the password matches, and stored in the storage device 13.

  For example, in the above example, if the threshold th1 is set to 80 points, the input password “1Z 4” satisfies the condition of N ≧ th1, so the user authentication unit 25 uses the verification The user is authenticated by regarding that the password “1234” and the input password “1Z 4” match. If the threshold th1 is set to 90 points, the input password “1Z 4” does not satisfy the condition of N ≧ th1, and therefore the user authentication unit 25 uses the verification password “1234”. Is not considered to match the password “1Z 4”, and therefore the user is not authenticated in this case.

  In the above example, the correctness calculation unit 24 calculates the accuracy value N by subtracting each parameter from the reference point, but in another example, the correctness calculation unit 24 simply calculates by adding the parameters. You may make it do.

  The accuracy value N ′ in this case is different from the above example, and the smaller the numerical value, the higher the degree of legitimacy of the input password with respect to the verification password. Therefore, in this case, if the accuracy value N ′ is equal to or less than a predetermined threshold th1 ′, that is, if the condition of N ′ ≦ th1 ′ is satisfied, the user authentication unit 25 will check the input password and the verification password. Behave as if they match.

  FIG. 3 is a flowchart showing a processing procedure of authentication processing executed in the information processing apparatus 10 according to the present embodiment. When an execution command for an application program that is installed in the information processing apparatus 10 and requires user authentication is input by the user, a password input screen for requesting handwriting input of the password is displayed on the display, and the process proceeds to step s1. .

  In step s1, the authentication information generation unit 21 recognizes characters handwritten by the user based on the touch coordinate data output from the touch panel 11, and the authentication information acquisition unit 22 uses a character string including the recognized characters as a password. To step s2.

  In step s 2, the authentication information acquisition unit 22 passes the received password to the determination unit 23. Then, the determination unit 23 extracts the verification password from the verification information storage unit 26, and determines whether the password input by the user matches the verification password. If they match, the user authentication unit 25 is notified that they match, and the process proceeds to step s3. If they do not match, the correctness calculation unit 24 has been input by the user. Pass the password and proceed to step s4.

  In step s3, the user authentication unit 25 authenticates the user who has input the password as a valid user, and ends the process. Thereby, the application program to which the execution command is input can be executed.

  In step s4, the correctness calculation unit 24 refers to the candidate character table T stored in the candidate character storage unit 27, calculates the accuracy value N of the password input by the user, and calculates the calculated accuracy. The value N is notified to the user authentication unit 25 and the process proceeds to step s5.

  In step s5, the user authentication unit 25 determines whether or not the received accuracy value N is greater than or equal to a preset threshold th1, and proceeds to step s6 if it is greater than or equal to a preset threshold th1.

  On the other hand, if it is less than the preset threshold th1, the process is terminated without authenticating the user. In this case, the user cannot execute the application program to which the execution command is input.

  In step s6, the user authentication unit 25 regards the user who has input the password as a valid user, authenticates it, and ends the process. Thereby, the application program to which the execution command is input can be executed.

  As described above, according to the present embodiment, when a legitimate user uses the touch panel 11 to input a password, which is authentication information, by handwritten characters, or because the person has quickly handwritten. Even if the correct password has been entered due to character wrinkles peculiar to the character, it was created in advance even if it was determined by handwriting recognition that the entered password did not match the verification password. If the accuracy value N of the input password satisfies a predetermined condition in accordance with the candidate character table T, the input password and the verification password are considered to match, and the user is authenticated.

  Therefore, even if the correct password is input by handwriting, even if it is regarded as an erroneous input by handwritten character recognition, the troublesomeness of having to input the password again can be eliminated. Convenience can be improved.

  In the information processing apparatus 10 according to the present embodiment, the control device 12 has a function as the determination unit 23. However, in other embodiments, the function as the determination unit 23 may be omitted. In this case, the processing of steps s2 and s3 in the flowchart shown in FIG. 3 is omitted, and the step after S1 becomes step s4 unconditionally.

(Second Embodiment)
FIG. 4 is a block diagram schematically showing the configuration of the information processing apparatus 10A according to the second embodiment of the present invention. The information processing apparatus 10 </ b> A according to the present embodiment is only the point that the control device 12 </ b> A further has a function as the table update unit 28, and the storage device 13 </ b> A further has a function as the authentication information storage unit 29. Unlike the information processing apparatus 10 according to the first embodiment, since the remaining configuration is the same, the same reference numerals are given and redundant description is omitted.

  The information processing apparatus 10A according to the present embodiment stores the password input by the user when the user authentication unit 25 determines that the password input by the user matches the verification password. In addition, it further has a learning function of automatically updating the candidate character table T stored in the candidate character storage unit 27 so as to have contents suitable for a legitimate user.

  When the user authenticating unit 25 considers that the password input by the user and the verification password match based on the accuracy value N, the table updating unit 28 reads from the validity calculating unit 24. The password input by the user is acquired, and the acquired password is stored in the authentication information storage unit 29. That is, the authentication information storage unit 29 sequentially stores passwords erroneously input by legitimate users.

  Then, the table update unit 28 refers to the plurality of passwords stored in the authentication information storage unit 29, and for each constituent character of the verification password, among candidate characters recognized differently from the constituent characters, The candidate character table T is updated as appropriate so that the more frequently recognized candidate characters are, the smaller the parameters are.

  For example, when the candidate character table T shown in FIG. 2 is stored in the candidate character storage unit 27, the table update unit 28 stores the handwritten character “i” in the authentication information storage unit 29 for the constituent character “1”. If it is determined that more passwords recognized as handwritten characters are accumulated than passwords recognized as “l”, the constituent character “1” in the candidate character table T is given to the candidate character “l”. The parameters assigned to the candidate character “i” are updated from 10 points to 5 points.

  Thus, according to the present embodiment, an erroneous input pattern specific to a legitimate user is automatically reflected in the candidate character table T. Therefore, it is possible to more reliably eliminate the annoyance of having to re-enter the password because it is regarded as an incorrect input even though the password is correctly input by handwriting, further improving the convenience for the user. be able to.

(Third embodiment)
FIG. 5 is a block diagram schematically showing the configuration of the information processing apparatus 10B according to the third embodiment of the present invention. In the information processing apparatus 10 </ b> B according to the present embodiment, the control device 12 </ b> B further has functions as an authentication failure frequency counting unit 30, an allowable frequency adjustment unit 31, and an input restriction unit 32, and the storage device 13 </ b> B is an allowable frequency storage unit 33. Unlike the information processing apparatus 10 according to the first embodiment, the remaining configuration is the same only in that it further has a function as the Omitted.

  The information processing apparatus 10 </ b> B according to the present embodiment has a function of disabling subsequent authentication processing when authentication information is erroneously input continuously for a predetermined allowable number of times, and a password input by the user Even if the verification password does not match, the function has a function of adjusting the allowable number according to the accuracy value N.

  The authentication failure frequency counting unit 30 monitors the user authentication unit 25, and counts the number of times that a case where the user is not authenticated as a valid user after the determination by the determination unit 23 has occurred. Here, the case where the user is not authenticated as a legitimate user means that when the user authenticating unit 25 receives the accuracy value N from the legitimacy calculating unit 24, the password input by the user and the password for verification Is a case that was not considered to match.

  In the allowable number storage unit 33, an allowable number of times (allowable reference value) that allows continuous occurrence of cases that have not been authenticated as a legitimate user is preset and stored.

  When the number of times counted by the authentication failure number counting unit 30 matches the allowable number stored in the allowable number storage unit 33, the input restriction unit 32 performs predetermined processing so that the subsequent authentication processing is impossible. Execute. Here, the predetermined process may be, for example, a process for stopping the subsequent authentication in the user authentication unit 25, or causing the display to display a password input screen for requesting handwriting input of the password. It may be processing such as prohibiting.

  When the accuracy value N is calculated by the validity calculation unit 24, the allowable number adjustment unit 31 acquires the calculated accuracy value N from the validity calculation unit 24, and the acquired accuracy value N is a predetermined condition. The allowable number of times stored in the allowable number storage unit 33 is increased or decreased according to whether or not the above is satisfied.

  Here, as in the first embodiment, if the accuracy value N is a perfect score of 100, and the user authentication unit 25 satisfies the condition that the accuracy value N satisfies N ≧ th1, it is used for verification with the input password. If the accuracy value N satisfies th1> N ≧ th2, specifically, the allowable number adjustment unit 31 stores the password in the allowable number storage unit 33. The allowable number of times stored in the allowable number of times storage unit 33 is decreased by one if the allowable number of times stored is increased by 1 and th3 ≧ N (th3 <th2) is satisfied.

  For example, if the threshold th1 is set to 90 points, the threshold th2 is set to 80 points, and the threshold th3 is set to 30 points, the accuracy value N for the password entered by the user is 90 points or more. For example, the user authentication unit 25 considers that the input password and the verification password match and is authenticated as a valid user, and the accuracy value N is 80 points or more and less than 90 points. For example, if the allowable number of times stored in the allowable number of times storage unit 33 is increased by 1 by the allowable number of times adjustment unit 31 and the accuracy value N is 30 points or less, the allowable number of times storage unit 31 The allowable number of times stored in 33 is reduced by one.

  As described above, according to the present embodiment, even when the password input by the user and the password for verification cannot be regarded as matching, based on the accuracy value N for the input password. Thus, if it can be determined that the degree of legitimacy is high, the allowable number of times stored in the allowable number of times storage unit 33 is increased by 1, until authentication processing becomes impossible before and after the password is entered. The number of erroneous inputs is substantially maintained.

  As a result, even if the correct password is handwritten and the case where the entered password and the password for verification are not considered to coincide with each other due to handwritten character recognition, the authentication process Can be avoided. Therefore, convenience can be improved for a legitimate user.

  Further, according to the present embodiment, when it can be determined that the degree of legitimacy of the input password is very low based on the accuracy value N for the password input by the user, the allowable number storage unit 33 stores By reducing the stored allowable number by 1, the number of erroneous inputs until the authentication process becomes impossible is reduced more than usual.

  If the entered password is very low, it can be determined that the password has been entered by an unauthorized user. By reducing it, security can be strengthened.

  In the present embodiment, as in the first embodiment, the user authentication unit 25 determines the accuracy value N even when the password input by the user does not match the verification password. Is configured to authenticate the user by assuming that they match, in other embodiments, the user authentication unit 25 is configured with a password entered by the user. Only when the verification password matches, the user is authenticated, and even when the input password and the verification password do not match, the accuracy value N for the input password , The allowable number of times stored in the allowable number storage unit 33 is increased by 1, and it can be determined that the degree of validity is very low. If that may be configured to reduce the allowable number of times stored in the allowable number of times storage unit 33 by one.

  In the present embodiment, the allowable number adjustment unit 31 is configured to adjust the allowable number stored in the allowable number storage unit 33 depending on whether or not the accuracy value N satisfies a predetermined condition. In other embodiments, even if the password entered by the user and the verification password cannot be considered to match, the validity value is determined based on the accuracy value N for the entered password. When it can be determined that the degree is high, the allowable number of times stored in the allowable number of times storage unit 33 may not be changed, and the count by the authentication failure number counter 30 may be invalidated. In this case, before and after the password input, the number of times counted by the authentication failure number counting unit 30 does not increase or decrease, and therefore, the number of erroneous input until the authentication process becomes impossible is substantially maintained. Become.

  In the first to third embodiments, the information processing apparatuses 10, 10 </ b> A, and 10 </ b> B are configured to input a password, which is authentication information, by handwritten characters using the touch panel 11. In the embodiment, a microphone may be used instead of the touch panel 11 and a password may be input by voice.

  In this case, voice data (input information) is input from the microphone to the authentication information generation unit 21, and the authentication information generation unit 21 receives voice input from the user by a known voice recognition technique based on the voice data. Recognize characters.

  Even in such a configuration, it is possible to eliminate the trouble of having to input the password again even if it is regarded as an incorrect input by voice recognition even though the correct password is input by voice, User convenience can be improved.

(Fourth embodiment)
FIG. 6 is a block diagram schematically showing the configuration of an information processing apparatus 10C according to the fourth embodiment of the present invention. The information processing apparatus 10 according to the first embodiment has a handwritten character recognition function and is configured to execute an authentication process based on a password input by handwriting on the touch panel 11. The information processing apparatus 10C according to the embodiment is configured to execute an authentication process based on a password input via a software keyboard displayed on a password input screen.

  Note that the information processing apparatus 10C according to the present embodiment is partially the same as the information processing apparatus 10 according to the first embodiment, and the same components are denoted by the same reference numerals and overlapped. Is omitted. Unlike the information processing apparatus 10 according to the first embodiment, the information processing apparatus 10C according to the present embodiment does not require the candidate character storage unit 27.

  FIG. 7 is a diagram illustrating an example of the software keyboard 40 displayed on the password input screen. In the information processing apparatus 10C according to the present embodiment, a software keyboard 40 as illustrated in FIG. 7 is displayed on the password input screen, and the authentication information generation unit 21C of the control apparatus 12C outputs the touch coordinate data output from the touch panel 11 to the touch coordinate data. Based on this, the key touched by the user is determined to generate a password consisting of a character string.

  For example, when the user intends to input a password consisting of the character string “asdf” via the software keyboard 40, the user corresponds to the key “r” as shown in FIG. 7 when inputting the character “d”. If the touched position P1 is touched, the authentication information generation unit 21C generates a password “asrf” and passes it to the authentication information acquisition unit 22.

  Further, when the user intends to input the password consisting of the character string “asdf” via the software keyboard 40, when the user inputs the character “d”, none of the keys corresponds to the key as shown in FIG. When the position P2 is touched, the authentication information generation unit 21C generates a password “as? F” by using a wild card such as “?” As a provisional input value, and the authentication information Pass to the acquisition unit 22.

  If the password input by the user is the character string “asrf” or the character string “as? F” with respect to the password “asdf” for verification stored in the information storage unit 26 for verification, It is determined that the password input by the user and the verification password do not match, and the password input by the user and the verification password are passed to the validity calculation unit 24C.

  When the validity calculation unit 24C receives the password input by the user and the password for verification, the validity calculation unit 24C acquires touch coordinate data used to generate the password input by the user from the authentication information generation unit 21C. .

  Then, the correctness calculation unit 24 </ b> C is actually touch-operated by the user based on the touch coordinate data with respect to each character constituting the password input by the user and different from the constituent characters of the verification password. The coordinates (D′ x, D′ y) of the position P1 or P2 obtained are obtained, and the distance L from the coordinates (Dx, Dy) of the center position P0 of the key of the constituent character corresponding to the character is calculated on the software keyboard 40. Then, by integrating the distance L and the proportionality constant α, a parameter for evaluating the validity of the character input by the touch operation is calculated.

  For example, if the password input by the user is “asrf” with respect to the verification password “asdf”, the validity calculating unit 24 </ b> C performs only the character “r” in the character string “asrf”. ”To obtain the coordinates (D′ x, D′ y) of the position P1 touched to input“ ”, and calculate the distance L from the coordinates (Dx, Dy) of the center position P0 of the key of the constituent character“ d ” Then, the parameter is calculated by integrating the distance L and the proportional constant α.

  In this way, when the parameters are calculated for each character different from the constituent characters of the password for verification, the correctness calculating unit 24C, from the 100 points that are the reference points, as in the first embodiment, The accuracy value N is calculated by subtracting the parameter.

  Here, in the password character string input by the user, n is the number of characters different from the constituent characters of the password for verification, and the key of the constituent character corresponding to the i-th character among the n characters. When the coordinates of the center position are (Dxi, Dyi), the coordinates of the position touched to input the i-th character are (D'xi, D'yi), and the default constant is α, the accuracy value N is calculated by the following equation.

  As described above, in the present embodiment, the accuracy value N is touched to input a different character even if there is a character different from the constituent characters of the verification password in the password input by the user. As the calculated position is closer to the key of the constituent character that should be input, the larger the calculated value, the higher the calculated value, the higher the validity of the input password with respect to the verification password. The

  After calculating the accuracy value N, the correctness calculation unit 24C passes the accuracy value N to the user authentication unit 25, and the user authentication unit 25 satisfies the preset condition for the received accuracy value N. For example, it is the same as in the first embodiment in that the password input by the user is regarded as the same as the verification password, and the user who has input the password is authenticated as a valid user. is there.

  As described above, according to the present embodiment, when a legitimate user inputs a password, which is authentication information, via the software keyboard 40, a touch operation is performed at a position slightly deviated from the character key to be originally input. Thus, even if the correct password cannot be input, if the accuracy value N of the input password satisfies a predetermined condition, the input password is considered to match the verification password. Then, the user is authenticated. Therefore, the troublesomeness of having to input the password again can be eliminated, and the convenience for the user can be improved.

  As another embodiment, as in the third embodiment, if authentication information is erroneously input continuously for a predetermined allowable number of times, it has a function of making subsequent authentication processing impossible, and a user. Even if the password entered in step 1 does not match the verification password, it may be configured to have a function of adjusting the allowable number according to the accuracy value N.

  In each of the above embodiments, the password is used as authentication information. However, in order to authenticate whether or not the user is a valid user, not only the password but also an input of a user ID (Identifier) is requested. In the information processing apparatus, the user ID input by the user may be determined based on the accuracy value N as in the case of the password.

(Fifth embodiment)
FIG. 8 is a diagram schematically showing a configuration of an information processing system 100 including an information processing apparatus 10D according to the fifth embodiment of the present invention. The information processing system 100 includes a client device 50 that is operated by a user to input authentication information, and an information processing device 10D that is a server device that executes processing for authenticating the user based on the input authentication information. The client device 50 and the information processing device 10D are configured to be able to communicate with each other via a communication network 45 such as the Internet.

  Note that the information processing apparatus 10D according to the present embodiment includes the communication module 34 instead of the touch panel 11, and the control apparatus 12D does not have a function as the authentication information generation unit 21 in the first implementation. Unlike the information processing apparatus 10 according to the embodiment, since the remaining configuration is the same, the same reference numerals are given and redundant description is omitted.

  The client device 50 includes the touch panel 11, the authentication information generation unit 21, and the communication module 35, and is equipped with a handwritten character recognition function that recognizes characters input by handwriting on the touch panel 11.

  In the client device 50, when a password is handwritten on the touch panel 11 by the user, the authentication information generation unit 21 generates a password including a character string based on the touch coordinate data output from the touch panel 11, The generated password is passed to the communication module 35.

  The communication module 35 functions as a communication interface for transmitting and receiving data to and from the information processing apparatus 10D via the communication network 45. When the communication module 35 receives a password from the authentication information generating unit 21, the communication module 35 receives the received password. Send to 10D.

  On the other hand, the communication module 34 provided in the information processing apparatus 10D functions as a communication interface for transmitting and receiving data to and from the client apparatus 50 via the communication network 45. When a password is received from the client apparatus 50, the communication module 34 receives the password. Pass the password to the authentication information acquisition unit 22. The processing after the authentication information acquisition unit 22 receives the password is the same as that of the information processing apparatus 10 according to the first embodiment.

  As described above, according to the present embodiment, the information processing system 100 including the client device 50 and the information processing device 10D that is the server device can also achieve the same effects as those of the first embodiment.

  In the information processing system 100 according to the present embodiment, as a server device, information in which the touch panel 11 is replaced with the communication module 34 and the function as the authentication information generation unit 21 in the information processing device 10 according to the first embodiment is omitted. Although the processing device 10D is used, as another embodiment, the touch panel 11 in the information processing devices 10A, 10B, and 10C according to the second to fourth embodiments is replaced with the communication module 34, and the authentication information generating unit 21 is used. An information processing apparatus that omits the function may be used as a server apparatus.

  In the information processing apparatus 10C according to the fourth embodiment, when the information processing apparatus in which the touch panel 11 is replaced with the communication module 34 and the function as the authentication information generation unit 21 is omitted is used as the server apparatus, the client What is necessary is just to comprise so that touch coordinate data may be transmitted from the apparatus 50 with a password.

(Sixth embodiment)
FIG. 9 is a diagram schematically showing a configuration of an information processing system 100A including an information processing apparatus 10E according to the sixth embodiment of the present invention. The information processing system 100A includes an information processing device 10E that is a client device operated by a user to input authentication information, and a server device 60 (authentication device) that executes processing for authenticating the user based on the input authentication information. ), The information processing apparatus 10E and the server apparatus 60 are configured to be able to communicate with each other via a communication network 45 such as the Internet.

  First, the server device 60 will be described. The server device 60 includes the user authentication unit 25 and a communication module 36. The communication module 36 functions as a communication interface for transmitting and receiving data to and from the information processing apparatus 10E via the communication network 45. When receiving a password from the information processing apparatus 10E, the communication module 36 uses the received password to the user authentication unit 25. To pass.

  When the user authentication unit 25 receives the password from the communication module 36, the user authentication unit 25 compares the received password with a pre-registered verification password used for authenticating that the user is a legitimate user, and receives the received password. If the password and the verification password completely match, the user who entered the password is authenticated as a valid user.

  In the server device 60, if the user authentication unit 25 determines that the received password and the verification password do not match, it is assumed that the password input by the user is an incorrect input, and erroneous input continues. Count the number of occurrences. When the counted number coincides with a predetermined allowable number stored in a storage device (not shown), the subsequent authentication processing is made impossible.

  In the information processing apparatus 10E according to the present embodiment, the control device 12E has a function as the transmission unit 37 instead of the function as the user authentication unit 25, and further includes a communication module 34. Unlike the information processing apparatus 10 according to the first embodiment, since the remaining configuration is the same, the same reference numerals are assigned and redundant description is omitted.

  The communication module 34 functions as a communication interface for transmitting and receiving data to and from the server device 60 via the communication network 45. When receiving a password from the transmission unit 37, the communication module 34 transmits the received password to the server device 60. .

  When the transmission unit 37 receives a notification from the determination unit 23 that the password input by the user matches the verification password, the transmission unit 37 processes the password input by the user in the communication module 34. It is transmitted to the device 10E.

  Further, when receiving the accuracy value N from the validity calculating unit 24, the transmission unit 37 transmits the accuracy value N to the server device 60 depending on whether or not the received accuracy value N satisfies a predetermined condition. change the password.

  Here, as in the first embodiment, assuming that the accuracy value N is a perfect score, the transmission unit 37 specifically specifies that the accuracy value N satisfies the condition of N ≧ th1. Assuming that the password entered by the user matches the verification password, the communication module 34 is caused to transmit the verification password to the server device 60.

  If the accuracy value N satisfies th1> N ≧ th2, the password is not passed to the communication module 34. Thereby, the password is not transmitted from the information processing apparatus 10E. If the accuracy value N satisfies th2> N, the password input by the user is transmitted to the server device 60 by the communication module 34.

  For example, if the threshold th1 is set to 90 points and the threshold th2 is set to 80 points, if the accuracy value N for the password input by the user is 90 points or more, the verification information storage unit 26 stores the threshold value th1. The stored verification password is transmitted to the server device 60. If the accuracy value N is 80 points or more and less than 90 points, no data is transmitted to the server device 60, and the accuracy value is If N is less than 80, the password input by the user is transmitted to the server device 60.

  Thus, according to the present embodiment, even if the password input by the user and the verification password do not match, the password is input based on the accuracy value N for the input password. When it can be considered that the password and the verification password match, the verification password is transmitted to the server device 60, whereby the user is authenticated.

  Therefore, even if the correct password is input by handwriting, even if it is regarded as an erroneous input by handwritten character recognition, the troublesomeness of having to input the password again can be eliminated. Convenience can be improved.

  Further, according to the present embodiment, even if it is not possible to consider that the input password and the verification password match, the validity is based on the accuracy value N for the input password. If it can be determined that the degree of password is high, by not transmitting the password to the server device 60, the number of erroneous input until the authentication process becomes impossible before and after the password is input is substantially maintained. The Rukoto.

  As a result, even if the correct password is handwritten and the case where the entered password and the password for verification are not considered to coincide with each other due to handwritten character recognition, the authentication process Can be avoided. Therefore, convenience can be improved for a legitimate user.

  Further, according to the present embodiment, in the information processing system 100A including the information processing apparatus 10E that is a client apparatus operated by a user to input a password, and the server apparatus 60 that executes processing for authenticating the user, A function for eliminating the troublesomeness of re-entry of the password due to incorrect input of the password can be installed in the information processing apparatus 10E instead of the server apparatus 60. Therefore, since it is not necessary to modify the already constructed system on the server device 60 side, it is possible to suppress the modification cost when introducing the system into the existing system.

  As another embodiment, when the allowable number of times stored in the server device 60 is stored in the information processing apparatus 10E as the allowable number of transmissions, and the accuracy value N satisfies th2> N, Further, if th3 ≧ N (th3 <th2) is satisfied, the transmission unit 37 may be configured to decrease the allowable number of transmissions stored in the own device by one.

  Here, the allowable number of transmissions is an allowable number of times that the password is allowed to be transmitted to the server device 60, and the transmission unit 37 transmits the password to the server device 60, and the case where the user is not authenticated continues. When the number of occurrences coincides with the allowable number of transmissions, the password is not transmitted to the server device 60.

  Therefore, according to this embodiment, when it can be determined that the degree of legitimacy of the input password is very low based on the accuracy value N for the password input by the user, the allowable transmission count is only 1. By reducing the number, the number of erroneous input until the password cannot be transmitted is made smaller than usual.

  If the entered password is very low, it can be determined that the password has been entered by an unauthorized user. As a result, security can be enhanced in the information processing apparatus 10E.

DESCRIPTION OF SYMBOLS 10 Information processing apparatus 11 Touch panel 12 Control apparatus 13 Storage apparatus 21 Authentication information generation part 22 Authentication information acquisition part 23 Determination part 24 Validity calculation part 25 User authentication part 26 Information storage part for collation 27 Candidate character storage part

Claims (5)

An authentication information acquisition unit for acquiring authentication information generated based on input information output from the input device;
A collation information storage unit that stores pre-registered collation information used to authenticate a user;
A validity calculating unit that calculates a value indicating how appropriate the authentication information is with respect to the verification information;
An information processing apparatus comprising: a user authentication unit that authenticates a user when a value calculated by the validity calculation unit satisfies a predetermined condition. An authentication information acquisition unit for acquiring authentication information generated based on input information output from the input device;
A collation information storage unit that stores pre-registered collation information used to authenticate a user;
A validity calculating unit that calculates a value indicating how appropriate the authentication information is with respect to the verification information;
An authentication failure frequency storage unit that stores the number of times authentication has failed continuously;
An allowable reference value storage unit that stores an allowable reference value for determination that allows the number of authentication failures; and
A user authentication unit that authenticates a user when the number of authentication failures is a value that is allowed in comparison with the allowable reference value and the authentication information and the verification information match;
An information processing apparatus comprising: a number adjusting unit that increases or decreases the number of authentication failures or the allowable reference value depending on whether a value calculated by the validity calculating unit satisfies a predetermined condition; . An information processing apparatus capable of communicating with an authentication apparatus that authenticates a user based on authentication information transmitted from an external apparatus,
An authentication information acquisition unit for acquiring authentication information generated based on input information output from an input device used to input authentication information;
A collation information storage unit that stores pre-registered collation information used to authenticate a user;
A validity calculating unit that calculates a value indicating how appropriate the authentication information is with respect to the verification information;
And a transmitter that transmits the verification information used for verification to the authentication device as authentication information when the value calculated by the validity calculation unit satisfies a predetermined condition. Processing equipment. Each of the authentication information and the verification information is information consisting of a character string,
For each constituent character constituting the collation information, a plurality of candidate characters are stored in association with each other, and each candidate character and a value for evaluating the validity of the candidate character with respect to the corresponding constituent character are calculated. A candidate character storage unit for storing the parameters to be used in association with each other;
The legality calculation unit calculates a value indicating how appropriate the authentication information is with respect to the verification information, based on a parameter corresponding to each character constituting the authentication information. 4. The information processing apparatus according to any one of 3. An information processing apparatus capable of communicating with an authentication apparatus that authenticates a user using authentication information transmitted from an external apparatus, and having a storage unit that stores pre-registered verification information used for authenticating the user An information processing program for transmitting authentication information to the authentication device by a computer provided therein,
In the computer,
Obtaining authentication information generated based on input information output from the input device;
Calculating a value indicating how appropriate the authentication information is with respect to the verification information;
An information processing program that, when the calculated value satisfies a predetermined condition, executes a step of transmitting the verification information used for verification as authentication information to the authentication device.

Images