[go: up one dir, main page]

WO2011099446A1 - Dispositif d'authentification et procédé d'authentification - Google Patents

Dispositif d'authentification et procédé d'authentification Download PDF

Info

Publication number
WO2011099446A1
WO2011099446A1 PCT/JP2011/052518 JP2011052518W WO2011099446A1 WO 2011099446 A1 WO2011099446 A1 WO 2011099446A1 JP 2011052518 W JP2011052518 W JP 2011052518W WO 2011099446 A1 WO2011099446 A1 WO 2011099446A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
input
authentication
unit
image
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2011/052518
Other languages
English (en)
Japanese (ja)
Inventor
竹田 真弓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Konica Minolta Inc
Original Assignee
Konica Minolta Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Konica Minolta Inc filed Critical Konica Minolta Inc
Publication of WO2011099446A1 publication Critical patent/WO2011099446A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation

Definitions

  • the present invention relates to an authentication device and an authentication method, and more particularly to an authentication device and an authentication method for performing user authentication based on information input from the outside.
  • Non-Patent Document 1 As such a technique, as described in Non-Patent Document 1, for example, an object is displayed on a screen, and authentication is performed based on appropriateness such as a point touching the object and its order, or non-patent As described in Document 2, there are some cases where a plurality of points are displayed on the screen, and authentication is performed based on the suitability of the tracing method (pattern) of the plurality of points.
  • the user's input action of touching the screen with a specific pattern has a new problem that the contents can be easily estimated by a third party who has seen the action.
  • the conventional technology if it is attempted to input authentication information in a short time and easily, the content may be easily estimated by a third party, and the security strength cannot be ensured. In this case, there is a problem that it is complicated for the user.
  • An authentication apparatus receives an input of information for dividing a predetermined region, a storage unit for storing information related to division of the predetermined region, and an input to the receiving unit
  • a generation unit for generating information for dividing a predetermined area based on the information, and a determination unit for determining whether the information generated by the generation unit matches information stored in the storage unit; Is provided.
  • An authentication method is a method for authenticating a user at an information terminal, the step of accepting input of information for dividing a predetermined area, and the step of storing information relating to division of the predetermined area; The step of generating information for dividing the predetermined area based on the input information, and the information for dividing the predetermined area generated based on the input information match the information stored in the storage unit Determining whether or not to do so.
  • the authentication apparatus can achieve both security strength and user convenience.
  • FIG. 1 shows an appearance of an information terminal 100 that is the first embodiment of the authentication apparatus of the present invention.
  • the information terminal 100 has a display unit 110 on its main surface.
  • the display unit 110 is configured by a general display device such as an LCD (liquid crystal display).
  • a power key 111 for switching ON / OFF of power-on of the information terminal 100 is provided on the right side surface of the information terminal 100.
  • a card slot 120 for inserting a recording medium such as a memory card into the main body of the information terminal 100 is provided on the lower surface of the information terminal 100.
  • the information terminal 100 is provided with a touch pen 190 that is separated from the main body of the information terminal 100.
  • the card reader 108 reads and / or writes information with respect to the recording medium inserted into the card slot 120.
  • FIG. 3 is a control block diagram of the information terminal 100.
  • input determination unit 151 detects that the operation has been performed and the content thereof.
  • the information input unit 150 is configured by the touch sensor 107, the operation keys 112 to 115, and the input determination unit 151.
  • the display control unit 155 controls the display content of the display unit 110 via the drawing control unit 156, and stores the screen data displayed on the display unit 110 in the second storage unit 153.
  • authentication information information used for user authentication is referred to as authentication information.
  • the authentication information includes an authentication image displayed on the display unit 110 at the time of user authentication, and division information that is information for specifying a mode for dividing the authentication image with respect to the authentication image.
  • the authentication information generation unit 152 stores the authentication image in the first storage unit 158 and stores the division information in the third storage unit 157.
  • the input determination unit 151, the authentication determination unit 154, the display control unit 155, the drawing control unit 156, the authentication information generation unit 152, and the input information generation unit 159 are stored in the HDD 104 or the like. It is realized by executing the program. Each unit may be realized by a dedicated hardware component such as a dedicated LSI (Large-Scale Integration) having an equivalent function.
  • LSI Large-Scale Integration
  • FIG. 4 is a flowchart of a main routine executed in information terminal 100 of the present embodiment.
  • the main routine is started when the power key 111 is operated from the state where the information terminal 100 is turned off.
  • step S2 the CPU 101 executes an authentication information registration process and proceeds to step S4. Details of the authentication information registration process will be described later.
  • step S3 the CPU 101 executes a user authentication process and advances the process to step S4.
  • step S4 the CPU 101 determines whether or not an operation for turning off the information terminal 100 has been performed. If it is determined that the operation has not been performed, the process proceeds to step S5.
  • FIG. 5 is a flowchart of a subroutine of authentication information registration processing in step S2.
  • step S21 CPU 101 registers information for specifying the authentication image in first storage unit 158, and the process proceeds to step S22.
  • the authentication image may be specified by information input by a user who operates the information terminal 100, or the CPU 101 stores it in a storage device such as the HDD 104 or another device on the network using a random number or the like. It may be configured to select from the images that are displayed.
  • step S22 the CPU 101 registers the above division information in the third storage unit 157, and returns the process to FIG.
  • division information can be, for example, information on how many areas the display unit 110 is divided into.
  • step S32 the display control unit 155 sends the authentication image acquired in step S31 to the drawing control unit 156, causes the display unit 110 to display the image, and proceeds to step S33.
  • step S33 the CPU 101 activates the input device (touch sensor 107 and operation keys 112 to 115), and advances the process to step S34.
  • step S34 the process waits until there is an input to the input device, and in step S35, it is determined whether or not an input has been made. If it is determined that an input to the input device has been made, the process proceeds to step S36.
  • step S36 the display control unit 155 updates the display content of the display unit 110 based on the information input to the touch sensor 107, and the process proceeds to step S37.
  • step S37 the input determination unit 151 determines whether or not the input of information to the touch sensor 107 has been completed. When it is determined that the input has not been completed, the process returns to step S34, and when it is determined that the input has been completed, the process proceeds to step S38. Proceed with the process.
  • step S37 for example, an operation key (any one of the operation keys 112 to 115) that is a condition for completing the input is operated, or an input to the touch sensor 107 is not continuously performed for a predetermined time. It is determined that the input is completed as a condition.
  • step S38 the input information generation unit 159 generates information for dividing the display unit 110 based on the information input to the touch sensor 107, and advances the process to step S39.
  • step S39 if the result of the authentication process in step S39 is an authentication success, the process proceeds to step S4 and subsequent steps, but if the authentication fails, the process does not proceed to step S4 and subsequent steps. An error notification or the like is made.
  • FIG. 8 is a diagram showing the screen updated so as to add a locus of input to the touch sensor 107 in step S36.
  • Lines 901 and 902 are added and displayed in addition to image 990 shown in FIG. Lines 901 and 902 represent two linear trajectories input to the touch sensor 107.
  • the input information generation unit 159 interpolates each of the two lines 901 and 902 input to the touch sensor 107 using a well-known method such as a Lagrangian interpolation method, so as to reach the end of the display unit 110.
  • the data is interpolated so that the line segment reaches.
  • FIG. 10 shows a state where the line 901 is interpolated.
  • the interpolated portion is indicated by a broken line.
  • FIG. 11 a portion extended by interpolation is indicated by a broken line.
  • the input information generation unit 159 is an area in which the display area of the display unit 110 is divided by the locus of input to the touch sensor 107 and the line obtained by interpolating the locus as shown in FIG. The number of is calculated. In the example shown in FIG. 11, the display area of the display unit 110 is divided into four areas.
  • step S39 the authentication determination unit 154 determines the number of areas acquired by the input information generation unit 159 in the manner described with reference to FIG. 11 and the areas stored in advance in the third storage unit 157. The numbers are compared, and if they match, it is determined that the user authentication has succeeded, and if they do not match, it is determined that the user authentication has failed.
  • the end of the line 911 that is in contact with the line 912 is also interpolated in the same manner as the end of the non-contacting end.
  • the display area of the display unit 110 is divided into four.
  • Which interpolation mode is used in the information terminal 100 may be set in advance in the information terminal 100, or may be set based on information input to the input device by the user.
  • the touch sensor 107 may be touched so as to draw the trajectory of two lines 932, or the trajectories of lines 941, 942, and 943 that do not intersect each other may be input as shown in FIG. Further, as shown in FIG. 18C, a touch operation along lines 951, 952, and 953 including a curve 953 may be performed. Since either input is an input of information for dividing the display area of the display unit 110 into four, it is determined that the input information matches the information for division, and it is determined that the user authentication is successful.
  • the “number” of divided areas generated by dividing the display area of the display unit 110 is used as the authentication information.
  • the authentication image information stored in the first storage unit 158 includes information for displaying the image 980 in FIG.
  • an image 980 is an image including six objects of watermelon 961, pineapple 962, melon 963, cherry 964, apple 965, and orange 966.
  • Table 1 stores information (display label) that defines image information and display position of each object.
  • object number 5 “apple” (apple 965 in FIG. 19) and object number 6 “orange” (orange 966 in FIG. 19) are grouped into group number “1”. It is divided. Further, “pineapple” of object number 2 (pineapple 962 in FIG. 19) is grouped into group number 2.
  • the division information in the third storage unit 157 conditions for dividing the region including the relationship between these groups are further stored.
  • a condition for example, “to generate a divided region that accommodates objects of group 1 and does not accommodate objects of group 2” can be cited.
  • FIG. 20 shows a region that satisfies such a condition.
  • image 981 shows six objects such as watermelon 961, and operates touch sensor 107 while image 981 is displayed on display unit 110.
  • the locus of the image 981A input is shown.
  • the closed region 982A constituted by the locus includes melon 963 and the whole of the apples 965 and orange 966 of group number 1 in Table 2, and at least for the pineapple 962 of group number 2 A part is located outside the locus 972. Accordingly, it is determined that the information generated by the input information generation unit 159 matches the division information stored in the third storage unit 157 in the same way as the locus 971 in FIG. Judge as successful.
  • the input information generation unit 159 receives the information for designating a plurality of points as indicated by the points P1 to P8 in FIG.
  • a closed figure shown as an image 981 may be generated by an existing interpolation method using points (Lagrange interpolation method or the like) to perform user authentication.
  • the image 983 includes a region 983A.
  • the region 983A is a locus of a touch operation performed on the touch sensor 107 when the image 983 is displayed on the display unit 110, and is generated by the input information generation unit 159.
  • FIG. 23 at least a part of apples 965 and orange 966 that are objects classified into group number 1 is not included in region 983A.
  • the conditions stored in Table 2 cannot be satisfied.
  • the authentication determination unit 154 determines that the information stored in the second storage unit 153 and the information stored in the third storage unit 157 (dividing information) do not match, and performs user authentication. Judge that it failed.
  • lines generated by separation are indicated by broken lines 985A to 985D.
  • the locus 985 can form a closed region together with the end of the display unit 110 by connecting the fragmented portions with broken lines 985A to 985D.
  • a closed region is configured by a line formed by a locus 985 connected by broken lines 985A to 985D and an end portion of the lower right portion of the display unit 110, and the closed region includes apples 965 and The whole orange 966 is included.
  • information for dividing the display area of the display unit 110 is input to the information terminal 100 as information for dividing the area.
  • the information for dividing the region may not be input to the display device such as the display unit 110 in the recognition device according to the present invention.
  • the information that the user needs to input at the time of authentication may be information for dividing a predetermined area (image 980 or the like), and is specified in the object. It does not have to be information for designating the part. That is, for example, when the information that the user needs to input is “information for dividing the input area into three areas”, the information that the user needs to input is the input area vertically Information that is divided into three parts or information that is divided into three parts horizontally may be used.
  • the authentication device it is possible to improve the security strength without complicating the contents required for the user for authentication.
  • 100 information terminal 101 CPU, 102 RAM, 103 ROM, 104 HDD, 105 communication I / F, 106 input unit, 107 touch panel, 108 card reader, 110 display unit, 150 information input unit, 151 input determination unit, 152 for authentication Information generation unit 153, second storage unit, 154 authentication determination unit, 155 display control unit, 156 drawing control unit, 157 third storage unit, 158 first storage unit, 159 input information generation unit, 990 authentication image.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

Dans un terminal d'informations (100), un capteur tactile (107) reçoit une entrée d'informations pour diviser une image affichée sur une unité d'affichage (110). Des informations d'utilisation d'authentification mémorisées dans une troisième unité de mémorisation (157) comprennent une image d'utilisation d'authentification et des informations d'utilisation de division. Une unité d'estimation d'authentification (154) estime qu'une authentification d'utilisateur est réussie lorsqu'il est déterminé que le résultat de l'image d'utilisation d'authentification divisée selon les informations appliquées au capteur tactile (107) correspond au résultat de l'image d'utilisation d'authentification divisée selon les informations d'utilisation de division.
PCT/JP2011/052518 2010-02-12 2011-02-07 Dispositif d'authentification et procédé d'authentification Ceased WO2011099446A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2010-029233 2010-02-12
JP2010029233A JP2013080267A (ja) 2010-02-12 2010-02-12 認証装置および認証方法

Publications (1)

Publication Number Publication Date
WO2011099446A1 true WO2011099446A1 (fr) 2011-08-18

Family

ID=44367720

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2011/052518 Ceased WO2011099446A1 (fr) 2010-02-12 2011-02-07 Dispositif d'authentification et procédé d'authentification

Country Status (2)

Country Link
JP (1) JP2013080267A (fr)
WO (1) WO2011099446A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103366105A (zh) * 2012-03-29 2013-10-23 宇龙计算机通信科技(深圳)有限公司 私密空间的实现方法及通信终端

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103763370B (zh) * 2014-01-20 2018-07-06 北京奇虎科技有限公司 一种更改移动终端工作区锁屏密码的方法、系统及装置
KR102061941B1 (ko) * 2017-10-16 2020-02-11 강태호 지능형 단축 제어방법 및 이를 수행하는 전자장치
KR102061940B1 (ko) * 2017-10-16 2020-01-02 강태호 신속한 서비스 수행을 위한 사용자 인터페이스 방법 및 그 전자기기
US20220019348A1 (en) * 2018-12-06 2022-01-20 Tae Ho Kang Touch interface device and control method

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007094682A (ja) * 2005-09-28 2007-04-12 Hitachi Koukiyou Syst Eng Kk モバイル装置によるパスワード生成方法,パスワード認証方法,並びにパスワード生成装置およびパスワード認証装置

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007094682A (ja) * 2005-09-28 2007-04-12 Hitachi Koukiyou Syst Eng Kk モバイル装置によるパスワード生成方法,パスワード認証方法,並びにパスワード生成装置およびパスワード認証装置

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
KAZUNORI KASHIMA: "Next generation visual password tool", IEICE TECHNICAL REPORT, vol. 100, no. 213, 18 July 2000 (2000-07-18), pages 121 - 127 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103366105A (zh) * 2012-03-29 2013-10-23 宇龙计算机通信科技(深圳)有限公司 私密空间的实现方法及通信终端

Also Published As

Publication number Publication date
JP2013080267A (ja) 2013-05-02

Similar Documents

Publication Publication Date Title
US10313882B2 (en) Dynamic unlock mechanisms for mobile devices
US10218506B1 (en) Cross-device authentication
US10223517B2 (en) Gesture-to-password translation
EP3443724B1 (fr) Mots de passe d'image de service web
CN103297606B (zh) 一种控制电子设备的方法及电子设备
US9953183B2 (en) User verification using touch and eye tracking
US20130212674A1 (en) System and method for signature pathway authentication and identification
KR101556599B1 (ko) 패턴 입력 장치 및 방법과 이를 이용한 기록 매체
US10146933B1 (en) Access control using passwords derived from phrases provided by users
CN103034429A (zh) 用于触摸屏的身份验证方法和装置
Meng et al. Enhancing click-draw based graphical passwords using multi-touch on mobile phones
WO2011099446A1 (fr) Dispositif d'authentification et procédé d'authentification
US9858409B2 (en) Enhancing security of a mobile device using pre-authentication sequences
US20140150085A1 (en) User authentication based on a user's operation on a displayed three-dimensional model
JP4893167B2 (ja) 認証方法
KR101435487B1 (ko) 사용자 단말기, 사용자 단말기의 숨김 페이지 사용 방법 및 컴퓨터 판독 가능한 기록 매체
US11386188B2 (en) Method and system for recognizing input using index of variable grid
US11277397B2 (en) Method and system for user authentication
Kim et al. Spyware resistant smartphone user authentication scheme
CN105446576B (zh) 一种信息处理方法及电子设备
US10263972B1 (en) Authenticating by labeling
US9607139B1 (en) Map-based authentication
KR102246446B1 (ko) 문자와 패턴을 조합한 인증암호의 인증방법 및 인증장치
US8487875B1 (en) Systems and methods for entering data into electronic device with minimally-featured keyboard
US20170351865A1 (en) Computing device to generate a security indicator

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11742190

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11742190

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP