JP6502083B2 - Authentication device, information terminal device, program, and authentication method - Google Patents

Description

  The present invention relates generally to an authentication device or the like called personal authentication. More specifically, the present invention relates to an authentication device or the like used in a system that determines the permission or denial of operation from the information terminal device based on at least an account identifier and information such as a password attached to the account identifier. More specifically, the present invention relates to a person authentication system in which a code derived from information issued from a person is used as a key for encryption, and the encryption is applied to a password.

(1. Overview of background art)
Recently, the spread of portable information terminals represented by smartphones has been remarkable. The smartphone functions as a browser immediately after purchase, and of course, the user can optionally install the program, so that the designer can operate as intended. The smartphone can also configure programs that become clients in the server-client model to have communication capabilities. Generally, in an application where a smartphone constructs a server client model, so-called authentication processing is performed.

  In the authentication process, the client sends out information integrated with the account identifier associated with the user or the account and the password associated with the account identifier from the client to the server, and these correspond to those registered in advance. When the client is allowed to operate the server. The account identifier and password are generally a sequence of numbers and characters, which is not appropriate for one to remember. From such a background, in a smartphone on the premise of a mode in which a specific individual is generally dedicated, it is generally used to record information required in server authentication in advance in the smartphone as well. ing.

  However, when programmed in this way, when the smart phone gets into the hands of others, it becomes possible for other people without the operation authority to operate the server, resulting in security inconvenience.

  On the other hand, in recent years, techniques that use graphic information that easily remains in memory for personal identification are widely used. Above all, gesture patterns and locks using gesture patterns are becoming widespread. The gesture pattern lock is a lock that can be released by swiping the operation panel along a previously registered trajectory.

(2. Specific background technology)
Under such circumstances, a technique for encrypting and recording an account identifier and a password can be considered. For example, in Patent Document 1, an ID (equivalent to an account identifier) and a password are encrypted with an encryption key called Fast data Encipherment Algorithm.

  On the other hand, even if a gesture pattern is used, it seems that there are currently two approaches. First, there is an implementation that uses the gesture pattern itself as a password. The abstract of Patent Document 2 describes "a graphical pass code (which is used in the same manner as a password (equivalent to a gesture pattern))" and discloses a technique of using a gesture pattern as a password. . Also, there is an example in which a gesture pattern is implemented as a password to recover when the smartphone is suspended, but this function is performed for the permission or denial of the operation itself to the smartphone.

  Next, there is an implementation that uses a gesture pattern as an encryption key. For example, paragraph 0050 of Patent Document 3 suggests a technique of “deriving a string that can be used to form an encryption key” from a gesture pattern.

JP-A-9-130376 JP 2011-524592 gazette JP-A-2010-541089

However, as shown in Patent Document 1, even if a password or the like is encrypted and either of the public key method and the secret key method is adopted in the encryption, when the smart phone gets over the hand of another person It can not be avoided that the server can be operated by another person.
In addition, with the technique that requires a specific gesture pattern when returning from the smartphone's suspended state, it is common for users who use application programs that do not mainly require high security to set this to not function. is there.
In addition, even if the password for recovering from the suspended state is provided, the possibility of the memory being analyzed when passing over the hand remains as long as the password itself is recorded in the smartphone itself (hereinafter, “Problem 1” ")). This is the same even if a graphical pass code (gesture pattern) is used as the password.

  As shown in Patent Document 2, even if the gesture pattern itself is used as a password, the gesture pattern itself has a variable length, and security can not be maintained with a short trajectory (hereinafter referred to as "Problem 2") . In addition, there is a server that only allows passwords according to certain rules, such as having to mix multiple character types, in order to improve security, but even in such a case, arbitrary data including gesture patterns are registered. There is a regret that can not be done (hereinafter referred to as “task 3”).

  Furthermore, even if the gesture pattern is implemented as an encryption key, Patent Document 3 does not disclose or suggest how to configure an authentication system. This is the same even if the description of Patent Document 1 is combined.

(1. Outline of a series of inventions in the present application)
The series of inventions in the present application reduce the above-mentioned problems, and the objective is to use information generated from a living body as the origin of the encryption key and encrypt the password using this encryption key. It tries to keep password security as much as possible by eradicating password recording.

(2. Definitions of terms used in the present application)
In the present application, "biological information" refers to physical information unique to the human body that can be observed from the outside even if it is unconscious. For example, a fingerprint or a retina pattern corresponds to this.
"Biometric transmission information" is information that a person emits to the outside based on consciousness and discriminates a human body individual. Character strings and gestures / patterns etc. instructed to a device based on memory are one-dimensional information such as simple character strings and fingertip trajectory, two-dimensional information such as still images, three-dimensional information such as moving images, stereo It may be four-dimensional information etc. such as moving pictures.
"Information emitted from a living body" refers to information which can be widely observed in a living body, including both the above-mentioned living body information and living body transmission information.
The term "derived from information" means not only the information itself but also information obtained by performing some conversion processing on the information regardless of reversible conversion and irreversible conversion.
"Key basic information" is information used as a basis for generating an encryption key. Expressing mathematically, the function that derives the encryption key uses key basic information as a variable.
The "raw password" refers to the password itself to be entered along with the account ID at the time of authentication on the main server. Note that "raw plaintext password" is also synonymous, but is particularly used to emphasize an unencrypted password.

(3. The invention according to each claim)
The invention according to claim 1 is an authentication device to be positioned as a server in a client-server model, and mainly aims to reduce the problem 1. Then, from the client, an account identifier (hereinafter referred to as an “account ID”) that enables identification to be individually different for each account, an encrypted password, and information derived from information issued from a living body Receiving, at least these three pieces of information will be used by the client to decide whether to use server resources.

In this authentication device, as a premise, there is an information terminal device connected to a network and to be a target of communication as a client.
This information terminal apparatus comprises an account identifier recording unit, an encrypted password recording unit, and a key basic information acquisition unit. Furthermore, an encryption key generation unit may be provided.
The account identifier recording unit records an account ID.
The encrypted password recording unit records the encrypted password.
The key basic information acquisition unit acquires key basic information from the operator.
Also, the encryption key generation unit generates an encryption key from the key basic information acquired by the key basic information acquisition unit.
The authentication device according to claim 1, which communicates with the information terminal device as described above, comprises a password encryption unit, an account information reception unit, and a decryption unit.
The password encryption unit encrypts the authentication password of the main server with the encryption key generated from the key basic information, and causes the encrypted password recording unit of the information terminal device to record the encrypted password through the network.
Here, as to the point of generating the encryption key from the key basic information, when the information terminal apparatus is provided with the encryption key generation unit, the information generation unit generates the encryption key by the encryption key generation unit. When the information terminal apparatus is not equipped with the encryption key generation unit, the authentication apparatus generates it.
The account information receiving unit is recorded in the account identifier recording unit in the information terminal device when determining whether or not the operator who operates the main server is permitted to operate the main server via the information terminal device. Receive the account ID and encrypted password.

Decoding unit, from the account information taken received by the receiving unit the encrypted password is decrypted to the plaintext password using an encryption key.
The encryption key is obtained when deciding whether to allow the operator who operates the main server via the information terminal device to operate the main server. When the encryption key generation unit is provided in the information terminal apparatus, the encryption key generation unit generates the encryption key from the key basic information. When the information terminal apparatus is not equipped with the encryption key generation unit, the authentication apparatus generates it.
With the above configuration, the main server operation permission is determined using the account identifier and the plaintext password converted by the decryption unit.

The invention according to claim 2, taking the operation panel as the key base information acquisition unit that the information terminal device includes, an information operator from the manipulation panel is entered based on the memories of the operator as a key basic information, the The information terminal device transmits to the authentication device according to the present invention.

The invention according to claim 3 can be obtained even if the biometric information acquisition means is employed as the key basic information acquisition unit included in the information terminal device as the client, and the operator does not store the information from the biometric information acquisition means. Ru der shall take biometric information to key basic information. This is an authentication device that can be implemented when the information terminal device as a client can acquire biometric information. That is, biometric information is used as key basic information. What the present invention is Der those primarily reduce the problems 1 and issues 3, the information obtained from the biometric information obtaining means as the basic information, the key base information persists, which the authentication device according to the present claims It is something to send.

  The invention according to claim 4 is an authentication device that can be implemented when an information terminal device as a client can acquire biological transmission information, and mainly aims to reduce problems 1 and 2. The authentication device according to the present invention comprises a mismatch counting unit, an account stop information recording unit, and an authentication permission / disapproval determination unit.

The mismatch counting unit is configured to count the number of times of rejection when it is determined that the determination of the main server operation “reject” has been continued by the authentication permission determination unit described later for one account ID.

The account stop information recording unit is configured to record, for the account ID, account stop information indicating that the subsequent operation by the account ID should be rejected, when the counted value in the mismatch counting unit exceeds the predetermined value. It has become.

The authentication permission determination unit detects whether or not the combination of the account ID and the password matches a predetermined one for the account ID for which the account stop information recording unit has no record of the account stop information, and determines whether or not the account stop information recording unit Determine the certification.

  The invention according to claim 5 relates to an authentication program which causes a computer to operate as an authentication device, the main part of which is as described in claim 2.

The invention according to claim 6 corresponds to the authentication device according to claim 1, and relates to an authentication method which is reconstructed focusing on time series.

The invention of claim 7 relates to the authentication method corresponding to the authentication device according, was reconstituted by focusing on the time series to claim 4.

The relationship of each claim described above is as follows.

According to the invention of each claim of the present application, since the password itself is recorded from both the information terminal device and the authentication device functioning as a client, it is possible to maintain extremely high security. The password used on the primary server remains unchanged . On the other hand, the encryption key is obtained from information issued from the living body or key basic information generated on the basis of the information rather than encryption using an arbitrarily determined encryption key .
And for this reason, the authentication operation accompanied by complicated password input is reduced.

Furthermore, only the main server can grasp all about the combination of the account ID that finally identifies the account in the authentication device and the password that certifies whether or not the user is authorized to use the account. Among them , when the main server is operated by the authentication device, in order to reproduce the password, the information issued from the living body is essential, but the information issued from the living body or the key basic information generated based on this is , It is only used as an encryption key for reproducing the password, and alone is not recorded in any of the information terminal device and the authentication device . This makes it possible to build a system with extremely high security.
In addition, since the password itself is not recorded, and the function to process encryption / decryption with respect to the password is not included in the information terminal device, even if the information terminal device gets over another person's hand, the password itself Of course, no encryption algorithm is known to others.

  According to the second aspect of the present invention, the key basic information is generated based on the information obtained from the operation panel of the information terminal device as the client, and the password is encrypted using this. For this reason, the key basic information is only used as an encryption key for reproducing the password, and is not recorded alone. This makes it possible to build a system with extremely high security. In addition, even if the key basic information input from the operation panel is a short character string or a short gesture pattern, the decryption unit uses a password having a predetermined long character string, so which of the biometric information is Even if it is such, there is an effect that it is hard to make a big difference in security with other accounts.

  According to the third aspect of the present invention, since biometric information is used as key basic information and biometric information is not recorded as it is, it is possible to maintain high security as well as depending on the length of the biometric information, It will be possible to connect to a server that performs authentication by combining an account name and a password of limited length. Moreover, it becomes possible to avoid the complexity of inputting a long character string.

According to the invention described in claim 4 and claim 7, when a combination of a specific account ID and an incorrect password is continuously input and the number of inputs exceeds a predetermined number, the authentication request is invalid. Since the entire password is not recorded in any device while maintaining the server side action that it can be determined that it can be determined, it can be shut off extremely reliably when the unauthorized authentication operation continues, and high security can be maintained. .

  According to the fifth aspect of the present invention, the present invention can be applied to ordinary computers and smartphones.

FIG. 1 is an explanatory view of the configuration of an authentication main part of a first example of the whole system implementing the invention. FIG. 2 is a configuration diagram of a password registration main part of a first example of the entire system implementing the invention. FIG. 3 is an explanatory view of a partial configuration example of account authentication in the first embodiment according to the authentication device of the present invention. FIG. 4 is an explanatory view of an authentication configuration in the first embodiment according to the authentication device of the present invention. FIG. 5 is an explanatory view of a password registration configuration in the first embodiment according to the authentication device of the present invention. FIG. 6 is an explanatory view of the authentication configuration of the entire system in the second embodiment according to the authentication device of the present invention. FIG. 7 is an explanatory view of a partial configuration of a gesture pattern according to the present invention . FIG. 8 is a configuration explanatory view of a biological information acquisition unit according to the present invention . FIG. 9 is an explanatory diagram of an authentication main part of a second example of the entire system implementing the invention . FIG. 10 is a configuration diagram of a password registration main part of a second example of the entire system implementing the invention . FIG. 11 is an explanatory diagram of a main part of authentication of a third example of the entire system implementing the invention . FIG. 12 is an explanatory diagram of a main part of password registration of a third example of the entire system implementing the invention . FIG. 13 is an explanatory diagram of a main part of authentication of a fourth example of the entire system implementing the invention . FIG. 14 is an explanatory diagram of a password registration main part of a fourth example of the entire system implementing the invention . FIG. 15 is a timing chart of a password registration processing procedure in the case of calculating an encrypted password based on an operation input from the information terminal device . FIG. 16 is a timing chart of a password registration process procedure when the plaintext password is generated by the information terminal device .

A mode for carrying out the present invention will be described in accordance with the following table of contents.
-------------[table of contents]-------------
(1. About the example system to be assumed)
(1.1. Configuration of the example system as a whole)
(1.1.1. Configuration of main parts to authenticate)
(1.1.2. Main part composition to do password registration)
(1.2. Operation of the whole example system)
(1.2.1. Main part operation to authenticate)
(1.2.2. Main part operation to register password)
(1.3. Technical effects of the entire system that is the premise)
(2. Regarding the First Embodiment of the Authentication Device)
(2.1. Configuration of the first embodiment according to the authentication device)
(2.1.1. Configuration to authenticate)
(2.1.1.1. Main server configuration)
(2.1.1.2. Front server configuration)
(2.1.1.3. Configuration of information terminal device)
(2.1.2. Configuration for password registration)
(2.2. Operation of First Embodiment of Authentication Device)
(2.2.1. Password registration operation)
(2.2.2. Authentication operation)
(2.3. Technical effects of the implementation of the first embodiment of the authentication device)
(3. Second Embodiment of Authentication Device)
(3.1. Configuration and Operation of Second Embodiment of Authentication Device)
(3.2. On the merits and demerits of the second embodiment according to the authentication device)
(3.3. Division arrangement of encryption key generation units)
(5. Modification of the whole system)
(5.1. Second whole system example)
(5.2. Third whole system example)
(5.3. Fourth whole system example)
(6. Other)
(6.1. Modification of password registration process)
(6.2. Acquisition of biometric transmission information)
(6.3. Acquisition of biometric information)
(6.4. About account ID, record of encrypted password)
(6.5. Application program etc.)
(6.6. Modification Example 1 of Password Registration Processing Operation)
(6.7. Modification 2 of Password Registration Processing Operation)
(7. Correspondence between the description of the claims of the present application and the embodiment)

-------------[Text]-------------
(1. About the entire first example system to be premised)
As described above, a series of inventions in the present application assume that the encryption key is derived from the information issued from the living body, and by encrypting the password using this encryption key, the raw plaintext password is recorded on either the client or the server. It is intended to keep the security at login time as much as possible. And it is suitable to be implemented in a so-called client server model.

In implementing the present invention, several aspects can be considered, and different effects can be expected depending on which elements are implemented on the client and which elements are implemented on the server.
However, the arrangement of the components is aside here, and how it is configured as a whole and how it operates will be described.

(1.1. Configuration of the First Prerequisite System Example)
(1.1.1. Configuration of the main part of authentication)
First, an example of the entire system, which is a premise when requesting authentication from a server providing a service, will be described with reference to FIG. FIG. 1 is an explanatory view of an authentication main part of a first example of the whole system implementing the invention.

-Main server (104)
The main server (104) is a computer that operates information and resources. For example, transfer processing from a deposit account corresponding to a designated account to another account can be performed. Also, when there is a connection for communication from the information terminal device, the main server (104) waits for input of information combining an account ID (denoted as "A-ID" in the figure) and a password. The operation is allowed only when this matches the account information recorded in advance in the server.

-Account ID recording part (101)
The account ID recording unit (101) can record an account ID and can take it out as needed. The account ID is an identifier enabling selection of a specific one account from a plurality of accounts, and the main server (104) uses this as a clue to determine the operator and operation authority of the information terminal device that has made access. At the same time, it is possible to follow the results of operations performed in the past, such as bank account balance inquiries.
Usually, the account ID recording unit is disposed in the information terminal device as a client.

-Encrypted password recording unit (103)
The encrypted password recording unit (103) (denoted as "encrypted PWD recording unit" in the figure) can record an encrypted password obtained by encrypting a plaintext password used for authentication by the main server. It has become. And, it can be taken out as needed. The password is used for authentication with the main server together with the account ID, and is incidental information for determining whether the account ID belongs to the operator of the information terminal device that is permitted to use the account.
Usually, the encrypted password recording unit is disposed in the information terminal device as a client.

-Key basic information acquisition unit (109)
The key basic information acquisition unit (109) is configured to acquire basic information that is the basis of an encryption key used when the decryption unit decrypts an encrypted password into a plaintext password. Here, the encryption key used for decryption is usually required to follow a fixed format, such as having a predetermined number of bits. The key basic information acquisition unit is intended to be one that can be widely acquired as data without being bound to a format, which is the meaning of "basic information" here.

  Although the key basic information is in such a free format, it is necessary to indicate that the authentication request is performed by one having a certain authority regardless of whether the operator is conscious or unconscious. Therefore, we will use the information emitted from the living body.

・ Encryption key generation unit (108)
The encryption key generation unit (108) obtains key basic information in free format acquired by the key basic information acquisition unit (109), and converts it into a format that can be used as an encryption key in the subsequent decryption unit. ing.
The conversion here may be a reversible conversion or an irreversible conversion. It is sufficient if the same encryption key can be obtained from the same key basic information even if the time is different.

・ Decryption unit (121)
The decryption unit (121) obtains the encryption key from the encryption key generation unit (108) and the encrypted password from the encrypted password recording unit, and obtains a plaintext password based on these. The encryption algorithm may be any algorithm, but it needs to be a reversible transform because of the need to be able to decrypt.

(1.1.2. Configuration of the main part of password registration)
Prior to the operation for performing the authentication, it is necessary to register the account ID and the encrypted password in the client. Then, next, the principal part structure which concerns on this registration is demonstrated using FIG. FIG. 2 is a configuration diagram of a password registration main part of a first example of the entire system implementing the invention. Here, this series of registration operation is simply referred to as "password registration operation".

Among the components used for registration, the account ID recording unit (201), the encrypted password recording unit (203), the key basic information acquisition unit (209), and the encryption key generation unit (208) are each authenticated. Since the account ID recording unit (101), the encrypted password recording unit (103), the key basic information acquisition unit (109), and the encryption key generation unit (108), which are components used at the same time, will not be described.

-Main server (204)
The main server (204) is a computer that operates information and resources. Generally, when a connection request is made from an information terminal device, the combination of account ID and password used for authentication is recorded in advance in the server. . When performing a password registration operation on the information terminal device, these pieces of information are sent to the client. With regard to the password, a new password may be generated at the time of password registration, and this may be sent to the client together with the account ID.

  By the way, there is a server that records a password after irreversible conversion. Such a server can maintain high security because even if the password file is illegally accessed, the password file information can not obtain the password used for authentication. In this case, since a predetermined password can not be extracted, a new password is generated and sent to the client together with the account ID. In this case, the password sent to the client and the password recorded and held in the main server do not match.

・ Encryption part (222)
The encryption unit (222) encrypts the password by reversible conversion using the plaintext password transmitted for registering the password of the information terminal device from the main server and the encryption key obtained from the encryption key generation unit (208). Is supposed to be

(1.2. Overall behavior of the first example system to be assumed)
Next, the operation in the above-described exemplary system will be described.

(1.2.1. Main part operation to authenticate)
First, the case where the authentication operation is performed from the information terminal device which is the client to the main server will be described. The operator issues an authentication request to the main server from the operation unit of the information terminal device (not shown). When a smartphone is used as the information terminal device, this request can be instructed by starting a program operating as a client.

When the authentication request operation is performed, the information terminal device reads the account ID from the account ID recording unit (101) and sends it to the main server. Also, the encrypted password is read out from the encrypted password recording unit (103) and sent out to the decryption unit (121).
At this time, the information terminal device acquires key basic information by the operation of the key basic information acquisition unit (109). Then, the key basic information is sent to the encryption key generation unit (108).

Then, in the decryption unit, since the encrypted password and the encryption key are complete, it is possible to reproduce the plaintext password when it is encrypted in advance by calculation. The decrypted plaintext password is then sent to the main server (104).
In the main server (104), this can be done because the account ID and the plaintext password for performing the authentication process are aligned.

(1.2.2. Main part operation to register password)
Next, a scene where password registration is performed from the main server to the information terminal device which is the client will be described.

  First, the operator makes a password registration request to the main server from the operation unit of the information terminal device (not shown). In the case where a smartphone is used as the information terminal device, this request is made by instructing a password registration request operation after starting a program operating as a client, or instructing by starting a password registration dedicated program. It can be operated.

  The main server (104) that has received the password registration instruction sends out the account ID to the account ID recording unit (201). Also, the plaintext password is sent out to the encryption unit (222).

  When the account ID recording unit (201) receives the account ID, it records this in the account ID recording unit (201).

On the other hand, in the encryption unit (222), the encryption key generated by the encryption key generation unit (208) based on the key basic information obtained from the key basic information acquisition unit (209) and the plaintext obtained from the main server (204) Upon receipt of the password, the conversion processing of encryption is performed using a predetermined algorithm. This encryption algorithm is selected to obtain a reversible code such as Advanced Encryption Standard (AES), Data Encryption Standard (DES), Blowfish, and so on. Then, the encrypted password is recorded in the encrypted password recording unit (203).
By the above series of operations, the account ID and the encrypted password are respectively stored in the information terminal device as the client.

  By the way, in the case of a server in which a password to be used is subjected to irreversible conversion (hashing) and then recorded, the operation for sending a plaintext password to the encryption unit (222) is different. In this case, when the main server receives a password registration instruction, it generates a new plaintext password. Then, while the password is hashed and recorded in a password file in the main server (not shown), the generated password is also sent to the encryption unit (222). Even if a password is assigned in advance when the account is created, a new password will be assigned again when registering.

In addition, there is a case where a server can be configured that only allows passwords according to certain rules, such as having to mix multiple character types such as upper case letters, lower case letters, numeric values, and symbols. Also in this case, a password according to the rule is prepared in advance or newly generated, and the password is recorded in a password file (not shown) in the main server as described above, while the generated password is encrypted. It may be sent together with the part (222).
Also, even if the main server is configured such that a raw password can not be read out, password registration processing is possible in the same manner.

(1.3. Technical effects of the entire system that is the premise)
As described above, in the entire system, since the raw password required for authentication in the main server is not redundantly recorded in any of the systems, high security can be maintained.

  In addition, when the password is hashed and recorded in the main server, the password actually used is not recorded anywhere in the system, and the raw password recording can be completely eliminated from the system, maintaining extremely high security. Will be able to

  Furthermore, even if the information amount of the key basic information acquired by the key basic information acquisition unit is small, the plaintext password sent to the main server has a large capacity by decryption. For this reason, it is possible to perform authentication based on information issued from a living body while maintaining high security, by simply adding a front-end server to authentication processing of a main server that has been used conventionally.

(2. Regarding the First Embodiment of the Authentication Device)
Next, how each component shown in the above-mentioned example of the system should be distributed to the server / client model will be described.

(2.1. Configuration of the first embodiment according to the authentication device)
First, as a first embodiment according to the authentication device of the present invention, a front server is provided between the information terminal device and the main server, and an implementation example in which a decryption unit is disposed in the front server is illustrated. The process will be described with reference to FIG. In this implementation, the primary server and the front-end server combine to form an authenticator.

(2.1.1. Configuration to authenticate)
Here, the authentication configuration will be described with reference to FIGS. 3 and 4. FIG. 3 is a block diagram of an account authentication related portion related to the authentication device. Further, FIG. 4 is an explanatory diagram of the configuration at the time of authentication of the entire system relating to the authentication device.

(2.1.1.1. Main server configuration)
The main server (404) is connected to the information terminal device (410) as a client via the front server (405), and can adopt, for example, the configuration shown in FIG.

The account ID input unit (331) can capture an account ID sent in response to an authentication request from the network.
The password input unit (332) can capture a plaintext password sent in response to an authentication request from the network.

  The mismatch counting unit (333) counts the number of times when the combination of the account ID and the password is different from the combination stored in the authentication request processing. This is for judging that the authentication request is due to unauthorized access when the authentication request is made in the wrong combination. For this reason, counting will be performed when there is a continuous erroneous request for authentication. In addition, since unauthorized authentication requests are generally made intensively for one account ID, the number of mismatches is counted for each account ID, and the number of times when authentication requests are continuously made erroneously. It will be counted. Then, it is reset when a valid authentication request is made even once.

  The account suspension specified number (334) defines a threshold value of the number of times of fraudulent request, which is considered to be an unauthorized access when false authentication requests continue. Although this value is a fixed value, it may be set to an arbitrary value by the program or by the system user.

The account database (336) (denoted as "account DB" in the figure) includes, for example, what is also called a password file, and records account IDs and passwords in correspondence with each other. In addition, for each one of the account ID, the account it is to be able to record whether the use of prohibited the available.

The account termination instruction unit (335) prohibits the authentication of the corresponding account information in the account database (336) when the number of authentication errors counted by the non-coincidence counting unit (333) becomes the account termination regulation number (334). Is supposed to record.

  The account activation status acquisition unit (338) acquires from the account database (336) whether or not the account ID for which authentication has been requested may be authenticated, and determines whether authentication is possible or not. It is supposed to

  If the account activation status acquiring unit (338) recognizes that the account activation status acquiring unit (338) can authenticate the account ID received by the account ID input unit (331), the authentication permission determination unit (337) determines the account ID and the password input unit. Based on the combination with the password received in (332), the account database (336) is queried to determine whether the resource / instruction of this server is possible and to determine its permission or rejection.

  Although the above is the configuration in the case where the main server performs challenge count and limits the number of challenges, the main server not having the challenge number limitation function does not have the mismatch counting unit (333) and the account stop instruction unit (335). And the account activation state acquisition unit (338) are unnecessary.

(2.1.1.2. Front server configuration)
Next, the front server (405) will be described using FIG.
The front end server (405) intervenes between the information terminal device (410) and the main server (404), and performs matching between the information terminal device handling an encrypted password and the main server handling a plaintext password. It has become. The front-end server includes an account information receiving unit, a decrypting unit, and an encryption key generating unit.

  The account information receiving unit is configured to receive an account ID and an encrypted password from the information terminal device via the network (406).

  The encryption key generation unit (408) receives the key basic information sent from the information terminal device (410) via the network (406), and converts it into a format that can be used as an encryption key in the subsequent decryption unit.

  The decryption unit (421) decrypts the encrypted password obtained from the account information reception unit (411) using the encryption key obtained from the encryption key generation unit (408) to obtain a plaintext Decrypt to password. Then, the plaintext password obtained here is transmitted as a password used for authentication on the main server.

(2.1.1.3. Information terminal equipment)
Next, an information terminal device as a client will be described. The information terminal apparatus comprises an account ID storage unit (401), an encrypted password storage unit (403), a key basic information acquisition unit (409), an operation input unit (442), and a client control unit (441).
Among them, the account ID recording unit (401), the encrypted password recording unit (403), and the key basic information acquisition unit (409) are the items described in the above (1.1.1. It is the same as explained, so I will omit the explanation.

  For example, the operation input unit (442) is a functional unit combining an OS managing an information terminal device such as a smartphone and an operation panel with a liquid crystal display of the information terminal device, and can receive an operation instruction from an operator It is supposed to be.

  The client control unit (441) is implemented by, for example, an OS that manages an information terminal device and an application program. Then, when an authentication request is made from a person who operates the information terminal device, the account ID recorded in the account ID recording unit (401) and the encrypted password recorded in the encrypted password recording unit (403) are read out. , It controls to send this toward the account information receiving section of the front-end server. Further, the key basic information acquisition unit (409) is urged to acquire key basic information, and the information emitted from the living body is acquired, and control is performed to transmit this to the encryption key generation unit of the front-end server. The information emitted from the living body acquired here is the basis of the encryption key when it is later decrypted.

(2.1.2. Configuration for password registration)
Next, a configuration for password registration will be described using FIG. FIG. 5 is an explanatory view of the password registration configuration according to the authentication device.

  A function required for password registration is to record a password encrypted by an encryption key derived from key basic information in an encrypted password recording unit in the information terminal device.

-Information terminal (510)
The information terminal device (510) comprises an account ID recording unit (501), an encrypted password recording unit (503), a key basic information acquisition unit (509), an operation input unit (542), and a client control unit (541). .
The account ID recording unit (501), the encrypted password recording unit (503), the key basic information acquisition unit (509), and the operation input unit (542) in the information terminal device (510) are account IDs used at the time of authentication. As the recording unit (401), the encrypted password recording unit (403), the key basic information acquisition unit (409), and the operation input unit (442) are the same, the description will be omitted.

  The client control unit (541) prompts the operator to input an account ID and a temporary password previously given by the main server operator or the like when instructed by the operation input unit (542) to register the client. It has become. Also, the encrypted password is obtained from the encryption unit (522) in the front-end server, and the account ID is obtained from the front-end server / main server or the operation input unit, and the encrypted password recording unit (503) Each is recorded in the ID recording unit (501).

-Front server (505)
The front server (505) includes an encryption unit (522) and an encryption key generation unit (508).
Here, since the encryption key generation unit (508) is common to the encryption key generation unit (408) used at the time of authentication, the description will be omitted.

  A new password generation unit (not shown) is provided so that the front server generates a new password if the main server is configured not to read the raw password.

-Main server (504)
The main server is for performing operations etc. on resources, but it is preferable that password registration processing for the information terminal device is also performed in response to a request.
The network (506) is also common to the network (406) except that the communication direction is different.

(2.2. Operation of First Embodiment of Authentication Device)
The operation of the present embodiment will be described. The flow of data at the time of authentication and at the time of registration according to the present embodiment is approximately as described above (1.2. Operation of the entire system example to be a premise). Therefore, here, it demonstrates paying attention to the flow of control.

  First, password registration is performed to associate the authentication device with the information terminal device. For this purpose, first, the operator of the information terminal device installs and executes an application program that causes the information device such as a smartphone to function as the information terminal device.

(2.2.1. Password registration operation)
When the application program is running, the client control (541) checks if there is a record of the encrypted password. If the encrypted password can not be confirmed, then either the account has not been set up on the primary server, or password registration processing has not been performed. If the account has not been set up on the main server, the administrator of the main server is asked to register the account, but if the password registration process has not been performed, the registration operation is entered. It will be.

When performing the registration procedure, since authentication according to the present invention can not be performed yet, it is necessary to confirm the identity using a temporary password or the like previously given by the main server operator or the like. To do this, the client control unit (541) prompts the operator to enter an account ID and a temporary password.
Subsequently, the client control unit (541) sends the input account ID and temporary password directly to the main server via the front-end server, or requests the main server for password registration processing.

The main server (504) that has received this reads the password previously associated with the account ID, or generates a new plaintext password, and transmits this to the front server (505). In the front-end server, the new plaintext password is captured by the encryption unit (522). Then, this is encrypted and sent to the information terminal device. Since the command data flowing on the network (506) is subjected to processing such as SSL (Secure Socket Layer) (not shown) at the time of sending to the information terminal device, the secrecy can be maintained.
The account ID and the encrypted password sent to the information terminal device are recorded in the account ID recording unit (501) and the encrypted password recording unit (503), respectively, under the control of the client control unit (541). This makes it possible to perform a series of registration processing.

  If the raw password can not be read, it is necessary to generate a new plaintext password. In this case, a plaintext password may be generated by a new password generation unit (not shown) in the front-end server (505), and the above operation may be performed by regarding this as being extracted from the main server.

(2.2.2. Authentication operation)
When the operator operates the main server, the application program should be operating. As described above, whether or not the password has already been registered can be grasped from the information recording state in the account ID recording unit and the encrypted password recording unit. When the password is registered, the client control unit (441) next instructs the key basic information acquisition unit (409) to acquire the key basic information.

  Since the key basic information, the encrypted password, and the account ID necessary for authentication in this system are obtained when the key basic information is obtained, the client control section (441) receives the account information receiving section of the front server (405). The account ID and the encrypted password are sent out, and key basic information is sent to the encryption key generation unit (408).

  When receiving these, the front-end server (405) performs decryption (421) by the decryption unit as an authentication operation to obtain an account ID and a plaintext password. Then, using this, an authentication request is sent to the main server (404) to perform the authentication.

(2.3. Technical effects of the implementation of the first embodiment of the authentication device)
By placing the encryption key generation unit (108) on the front server, it does not flow over the network whether or not any key form encryption is used or even its hints. In addition, since neither the encryption key nor the password is recorded in the information terminal device, high security can be maintained. In addition, although direct flow of key basic information on the network between the information terminal device and the front-end server seems to be a disadvantage, it can not be easily deciphered by using the SSL protocol on the network, so Disadvantages hardly appear.

  Although a network will be established between the front-end server and the main server, the front-end server can be separated from the network (506) by using it as a gateway. By making this a private network, the main server can be completely isolated from the public line, and high security can be maintained.

  Furthermore, account ID that is not encrypted can maintain secrecy during communication if SSL etc. on the network is used, while securely encrypting the account ID recorded in the account ID recording unit (401) with a key of appearance However, since the same account ID is sent from the same information terminal device, the number of incorrect authentication requests can be surely grasped even when the main server performs a challenge count associated with the account ID. It is possible to eliminate unauthorized access with extremely high accuracy.

  Although unauthorized access is characterized by many accesses while changing the password corresponding to the same account ID, it is difficult to change biometric information, so unauthorized access mainly refers to biometric information. It is easy to happen. Therefore, the present embodiment is particularly significant when biological transmission information is acquired from the operation panel and used as key basic information.

  Further, as can be seen from FIG. 4, the password itself is not recorded, and of course, the information terminal apparatus does not include a functional part that processes encryption / decryption with respect to the password. This can be said to be the most preferable implementation that makes the encryption algorithm unknown to others even if the information terminal device is in the hands of others. At the same time, since there is no encryption / decryption operation in the information terminal device, it is significant that the client processing becomes lightweight.

  Furthermore, by providing a front-end server separately from the main server as in the present embodiment, a gesture is newly made without changing the server for which resource use is permitted or denied by the account ID and the plaintext password. -It becomes possible to perform authentication by pattern and authentication by biometric information, and it becomes possible to construct a new authentication system extremely easily.

(3. Second Embodiment of Authentication Device)
In the second embodiment, an implementation in which the encryption key generation unit is disposed in the information terminal device will be described with reference to FIG. In order to simplify the description, although it is not included in the drawings of the client control unit and the input operation unit, and the description is omitted, these are naturally implemented.

(3.1. Configuration and Operation of Second Embodiment of Authentication Device)
The present embodiment differs from the first embodiment in the configuration only in that the encryption key generation unit (642) is disposed in the information terminal device. In connection with this, the operation flow is the same except that the key basic information is changed to the encryption key itself as data flowing on the network.

(3.2. On the merits and demerits of the second embodiment according to the authentication device)
According to the present embodiment, when changing the encryption key generation algorithm, it is necessary to correct the algorithm of the information terminal device, and the time and effort of correction such as redistribution of the application program becomes complicated. In addition, there is no concern that the degree of security may be degraded in that the encryption key flows directly on the network (606). However, if you use SSL encryption on your network, you won't get the security drop you're concerned about.

  On the other hand, since the amount of information is determined by the configuration of the decryption unit regardless of the biometric information, the amount of information can be accurately predicted, and the main server to which access from a large number of information terminals can be supported It is preferable to Furthermore, when the gesture pattern in the information terminal device is designed to be acquired by an imaging device such as a camera, the moving image information becomes enormous, and it is burdensome for the user to pass the moving image information on the expensive communication path as it is. large. Even in such a case, if it is compressed to an encryption key, it is significant that the burden is reduced.

  In addition, it is possible to newly perform authentication by gesture pattern and authentication by biometric information without changing the server that has been permitted or disallowed to use the resource by account ID and plaintext password. It is the same as the form of

(3.3. Division arrangement of encryption key generation units)
In the first embodiment and the second embodiment, an example is shown in which the encryption key generation unit (408, 608) is disposed in the front server or the information terminal device, but functions are distributed, and the information terminal It is worth considering to divide and arrange the device and the front server.

  For example, in the case where a gesture pattern is acquired by an imaging device, a modification such as arranging an image processing such as feature extraction in an information terminal device and a process of generating an extracted key into an encryption key in an anterior server There is an example. That is, from basic key information to encryption key generation is implemented over both the information terminal device and the front-end server. By doing this, even if the key basic information has a huge amount of information, it is possible to drastically reduce the amount of communication between the information terminal device and the front-end server, and quick authentication processing becomes possible. .

(5. Modification of the whole system)
In each of the above embodiments, the implementation on the client server model has been described following the basic configuration described in the above (1. overall premise of the first example system). Here, the modification which added the variation to this system itself is demonstrated.

(5.1. Second whole system example)
As a second system example, the case of encrypting and recording an account ID will be described with reference to FIGS. 9 and 10. FIG . FIG. 9 is an explanatory view of an authentication main part of the second whole system example, and FIG. 10 is a block diagram of a main part of a password registration of the second whole system example.

  The characteristic point of this system is the existence of the encrypted account ID recording unit (1102). That is, in each embodiment based on the first system, the account ID is recorded as plain text in the information terminal device, but the present system is different in that the record is encrypted.

  Therefore, in order to read out the account ID from the encrypted account ID recording unit (1102), a second decryption unit (1125) is provided at the time of authentication, and a second encryption unit (1224) is provided at the time of password registration. . The encryption used here needs to be a reversible conversion because it needs to be decrypted.

  At this time, it is natural that the encryption key used in the second decryption unit (1125) and the second encryption unit (1224) should be common. In principle, data derived from key basic information obtained by the key basic information acquisition unit should not be used. When a different operator or an operator who forgets the key basic information performs an authentication operation, an encryption key different from that at the time of registration is generated, and as a result, it is decrypted to another person's account ID and prohibits another person's account on the main server. There is a risk of In other words, it is necessary to use the same predetermined encryption key for the second decryption unit (1125) and the second encryption unit (1224), except for the key basic used at the time of password registration. It is acceptable to record an encryption key derived from information and use it as the encryption key in the second decryption unit.

  With the above-described configuration, the account ID is not recorded in plain text in the information terminal device, and security can be enhanced even in the hands of another person.

  When the front server is provided as in the first embodiment, the second decoding unit (1125) may be provided on the information terminal side or on the front server side, but the front server may be provided. By providing on the side, high security can be maintained because it is difficult to see what encryption has been performed. In addition, since there is no encryption / decryption operation in the information terminal device, it is significant that the client processing becomes lightweight.

(5.2. Third whole system example)
Next, as a third system example, the case where password encryption is doubled and recorded will be described using FIGS . 11 and 12. FIG . FIG. 11 is an explanatory view of an authentication main part of the third example of the whole system, and FIG. 12 is a block diagram of a main part of password registration of the third example of the whole system.

  The characteristic point of this system is that the post-decoding unit (1327) and the pre-encryption unit (1428) intervene in the information flow related to the password. That is, in each embodiment based on the first system, the password in the information terminal device is encrypted and recorded with the encryption key derived from the key basic information. It differs in that it doubles Note that the encryption used here needs to be reversible because it needs to be decrypted.

  By doing this, a plaintext password does not pass in the information transfer between the first decryption unit and the post-decryption unit and the information transfer between the first encryption unit and the pre-encryption unit. Even if it is necessary to use a communication line that leaves security concerns, it is possible to enhance security if the system is designed to allocate a communication part to this boundary.

(5.3. Fourth whole system example)
Next, as a fourth system example, a case where password encryption is double-recorded as well will be described using FIG . 13 and FIG . FIG. 13 is an explanatory view of an authentication main part of the fourth whole system example, and FIG. 14 is a block diagram of a password registration main part of the fourth whole system example.

  The characteristic point of this system is that the pre-decryption unit (1525) and the post-decoding unit (1626) intervene in the information flow related to the password. It is the same as the third system in that the password recording is duplicated in the information terminal device, but the result of the encryption processing using the encryption key derived from the key basic information at the time of registration is the information terminal device Differs in that they are not recorded in The encryption used here needs to be a reversible conversion because it needs to be decrypted.

  By doing this, even if the DES is weak in security due to encryption using the encryption key derived from the key basic information, it is possible to improve the security of the entire system.

(6. Other)
(6.1. Modification of password registration process)
The description of each of the above embodiments has described the scene of registration in a state of being connected to communication, regarding password registration.

  However, when higher security is required, another password registration application may directly write the account ID and the encrypted password to the account ID recording unit and the encrypted password recording unit.

  Furthermore, a smartphone may be brought to a store and directly recorded via hardware in a memory in the information terminal device using the function of the OS.

  Similarly, password registration may be enabled as a result by having a smartphone brought to a store and installing an application program in which an account ID and an encrypted password are set in advance.

(6.2. Acquisition of biometric transmission information)
An example of taking out biological transmission information transmitted from a person based on human consciousness as a gesture pattern will be briefly described with reference to FIG . FIG. 7 is an explanatory view of a partial processing configuration of the gesture pattern.

  The operation panel (944) is, for example, an operation panel with a liquid crystal display of an information terminal device such as a smartphone, and can receive an operation instruction from the information terminal device.

  The gesture API (945) is, for example, a part of an application program interface of the OS of the information terminal device, and when the operator draws a line in a predetermined area on the operation panel, a code (a gesture (Gesture・ A pattern is output.

  The client control unit (941) is configured to send out the gesture pattern obtained from the gesture API at a predetermined timing to the encryption key generation unit (908) by another operation or the like on the operation panel.

  The encryption key generation unit (908) can be provided regardless of the location of the information terminal device, the front server, etc., and obtains the gesture pattern obtained from the free format gesture API and decodes it in the latter stage. Convert to a format that can be used as an encryption key in

(6.3. Acquisition of biometric information)
An example will be described in which biological information that can be externally observed from people is extracted without being based on human consciousness. When acquiring biometric information, it is difficult to acquire itself with exactly the same reproducibility. For this reason, it is necessary to make certain improvements. For example, the biometric information acquired in the password registration operation is irreversibly encrypted (hashed) and the biometric information is recorded in the information device. Then, at the time of the authentication operation, it is preferable to adopt a method of performing the authentication operation on the authentication device only when the irreversible conversion is performed and the same hash value is obtained.

By doing this, it is possible to construct a system in which the biometric information itself is not recorded anywhere throughout the entire system while the password itself is not recorded anywhere throughout the entire system, and high security can be maintained. Hereinafter, the configuration for mounting this will be briefly described using FIG . FIG. 8 is a configuration explanatory view of a biological information acquisition unit.

  The biological information reading element (1051) is configured to acquire biological information in contact with or without contact with a living body. For example, a fingerprint sensor may be used to acquire a fingerprint pattern, and an imaging device may be used to acquire a retinal pattern, for example.

  The normalization unit (1052) reads the biological information acquired by the biological information reading element (1051), and converts the biological information so as to fit in a predetermined format. That is, although biological information can be acquired in various patterns depending on individual differences when acquired from one sensor, in order to equally generate this encryption key, temporal expansion / contraction or spatial expansion / contraction is performed It is desirable to pass the operation. The normalization unit stores biological information in a predetermined format through such operations, and as a result, operates to maintain the same level of security regardless of who authenticates.

  The irreversible conversion unit (1053) hashes the normalized biological information by a hash function or the like. It is possible to omit the lossy encryption unit, but if this is done, since the information is recorded as it is in the encrypted biometric information recording unit (1054) in the latter stage, the memory read when the information terminal device gets over another person's hand And there is a risk that biological information can be read out as it is. In addition, even if the reversible conversion is performed, the program is analyzed when the information terminal device is in the hands of another person, and eventually there is a possibility that the biological information can be read out by the reverse conversion. Therefore, it is preferable to perform irreversible conversion here.

  The encrypted biometric information recording unit (1054) records the irreversibly converted (hashed) biometric information.

  When performing the authentication process, the coincidence detection unit (1055) refers to the contents of the normalization unit (1052) and the encrypted biometric information recording unit (1054), and pre-registered biometric information and biometric information acquired at the time of authentication. Determine whether and match. Then, by performing authentication on the main server only when there is a match, even if there is a reading error of the biometric information, the challenge count is increased to the user and the genuine user receives unconditional authentication rejection. Acts like you can not.

  Among the above, the coincidence detection unit (1055) and the encryption key generation unit (1008) may be mounted on the information terminal device or may be mounted on the front server.

  In addition to the above-described method, a method of removing a constant noise component using the concept of metric space is also worth implementing.

  By the way, biometric information corresponds to sensitive information that is not handled by a bank. In the present invention, biometric information is limited to key basic information, and this is not necessarily recorded. Therefore, implementing this in a bank has an advantage that it is not necessary to handle sensitive information.

(6.4. About account ID, record of encrypted password)
In each of the above embodiments, it is assumed that the account ID and the encrypted password are recorded in the account identifier recording unit and the encrypted password recording unit disposed in the information terminal device, respectively.

  By the way, when using the smart phone etc. which are provided by the communication company, it is possible to operate so that the unique identifier is allocated to the information terminal device and this can not be rewritten. In this case, upon authentication, an account ID and an encrypted password can be separately obtained from the management server each time using a unique identifier.

  Even in this case, however, it is necessary to temporarily prepare an account identifier recording unit and an encrypted password recording unit, and the configuration does not change. In addition, the account ID and the encrypted password can be easily acquired even when the information terminal device gets into another's hand, so that no information remains at the time of suspension, which is a remarkable security advantage. It is understood that the result is not obtained.

(6.5. Application program etc.)
In the above-described embodiment, the description has been made on the assumption that a smartphone is used. However, for example, it is possible to perform the same operation by javascript (registered trademark) using the technology of HTML5. In this case, the account ID recording unit and the encrypted password recording unit may be designed to be placed on a general-purpose memory called Web Storage, which is associated with the URL.

(6.6. Modification Example 1 of Password Registration Processing Operation)
In the item of the description of each embodiment of the invention, the password registration process is as follows:
Example of reading the password from the main server (204, 504, ...) and sending it to the information terminal device Example of newly generating a password on the main server and registering it in the main server and sending it to the information terminal device An example was given where a password was newly generated by the front-end server (505) and registered in the main server and then sent out to the information terminal device. Besides this, the password is input from the information terminal device, or The procedure of registering this using the password recorded in the device can be taken.

Specifically taking a case of adopting the same configuration as the first embodiment as an example, it will be described with reference to FIG. FIG. 15 is a timing chart of a password registration processing procedure in the case of calculating an encrypted password based on an operation input from the information terminal device.

・ Initial PWD input acceptance (1731)
In this case, the password registration is triggered by an operation from the information terminal device, and a series of processing related to the registration of the initial password is started.

When the operator wants to register the initial password in the information terminal device, the application program dedicated to the registration of the initial password is activated, or the application program used for the operation of the main server is activated and the function of the program is Perform an operation that triggers the start of registration, such as instructing initial password registration.
In response to this trigger, the client control unit (541 or the like) prompts the operator to input an initial password that the operator wants to set. The prompted operator now enters an initial password.

-Initial authentication request (1732)
The initial password corresponds to an account registered in advance in the main server, and may be a so-called temporary password. When the initial password is input, the information terminal device requests the primary server to perform initial authentication via the front-end server. For this purpose, the information terminal sends an initial authentication request including at least the account ID and the initial password to the front end server.

-Initial authentication request transfer (1733)
When an authentication request is made from the information terminal device via the front-end server, the front-end server transfers this to the main server.
The content of the initial authentication request is to confirm whether the operation performed on the information terminal device that triggered the request is the operation for the correct account registered in the main server, and if login authentication of the main server is used as it is It is enough.

-Main server authentication (1734)
The main server performs authentication based on the transferred account ID and initial password. The main server that has received the authentication request performs authentication using the account database (336). Then, the main server sends back the success or failure of the authentication.

・ Key basic information promotion (1735)
If the authentication is successful, it can be presumed that the person operating the information terminal device is valid, and then an encrypted password is generated using key basic information. Specifically, first, the front end server transmits a signal to the information terminal device to urge acquisition of key basic information.

-Key basic information acquisition (1736)
When the information terminal device is prompted to acquire the key basic information, the information terminal device acquires the key basic information from the key basic information acquisition unit and sends it back to the front end server.

・ Encryption / registration instruction (1737)
At this point, the front-end server recognizes the initial password sent in the initial authentication request (1732) and the key basic information obtained in the key basic information acquisition step (1736), so encryption is performed from both of them. Get an encrypted password. Then, the obtained encrypted password is sent to the information terminal device.

・ Encrypted PWD record (1738)
The information terminal device records the obtained encrypted password in the encrypted password recording unit (503). Thus, the password registration process can be completed.

  This registration procedure can be implemented similarly to the configuration described in the second embodiment.

  By adopting this registration procedure, as described in the first embodiment and the second embodiment, when installing the front server, the front server and the information can be obtained without extracting the raw password from the main server. A series of processes related to encrypted password registration can be completed with the terminal device. Therefore, even if the password is hashed and recorded by irreversible conversion in the main server, it can be easily implemented. In addition, there is an advantage that no special protocol for password registration is required between the main server and the front-end server, and the implementation becomes easy.

(6.7. Modification 2 of Password Registration Processing Operation)
When a new encrypted password is registered in the main server, not only the main server (204, 504, ...) or the front server (505) generates a plaintext password, but the information terminal device also generates it. Is also possible.

This modification will be described with reference to FIG. 16 by taking the same configuration as that of the first embodiment as an example. This registration procedure can also be implemented in both the second and third embodiments. FIG. 16 is a timing chart of a password registration process procedure when the plaintext password is generated by the information terminal device. Here, the front-end server starts the explanation from the point where the initial authentication request has arrived from the information terminal device.

・ Transfer initial certification request (1833)
In response to the authentication request from the information terminal device, the front-end server transfers this to the main server. This is the same step as in the first modification.

-Main server authentication (1734)
The main server performs authentication based on the transferred account ID and initial password. This is the same step as in the first modification.

・ New password request (1841)
If the main server succeeds in the authentication, it can be presumed that the information terminal device is performing password registration processing by a valid operator, and then the front-end server sends a request signal for a new password to the information terminal device.

・ Send new password (1842)
When a new password request is received from the front-end server to the information terminal device, the information terminal device, for example, prompts the operator to input a new password. Then, the input new password is sent to the front end server.
Here, the input of the new password can be changed not only by making the operator input the new password, but also by obtaining an arrangement of random numbers by calculation or obtaining a universally unique identifier (UUID). In addition, it is possible to record an appropriate password corresponding to the account ID in advance and replace it with this.

・ Password validity check (1843)
It is desirable for the front-end server that has received the new password to determine the validity of the new password. Since this new password is used as a raw password on the main server as it is, a simple one is not desirable. Therefore, some servers have restriction rules such as mixing lower case and upper case numerical values. Therefore, here, it is determined that the restriction rule is met, and the main server is not burdened. If the inspection fails at this point, the procedure may return to the new password request (1841) to perform this procedure.

・ Key basic information promotion (1835)
・ Acquisition of key basic information (1836)
・ Encryption and registration instruction (1837)
・ Encrypted PWD record (1838)
These steps are the same operations as the key basic information promotion (1735), the key basic information acquisition (1736), the encryption / registration instruction (1737), and the encrypted PWD recording (1738) in the first modification. Omit

・ New password registration instruction (1846)
At this point, since the new password received from the information terminal device is recognized as being correct, the main server is requested to register the new password as a raw password. On the other hand, the main server will record a new password with the corresponding account ID in the account database.

  According to the above procedure, when a new password is directly input from the information terminal device or installed as an application program, the corresponding password can be registered as a password of the main server. Password management by

In the case of or used or to calculate the new password in the information terminal device, the proper password to correspond to the pre account ID, password suitable positive test (1843) can be omitted.

(7. Correspondence between the description of the claims of the present application and the embodiment)
The relationship between the invention described in the claims and the description of the present embodiment will be briefly described. Note that the present invention is not limited to the implementation of the embodiment.

Account ID which an account ID recording part (101 grade | etc.,) Records is corresponded to the "account identifier" of this invention.
The operation input unit (442) is a representative implementation example of the "operation panel" of the present invention.
In the password file constituting the account database (336), a column for recording data indicating authentication prohibition corresponds to the "account stop information recording unit" of the present invention.
The authentication permission determination unit (337) corresponds to the “authentication permission determination unit” of the present invention.

The present invention can be widely used for authentication, and can be provided as an authentication system. It can of course be implemented on an information terminal device and used on a conventional authentication system.
In addition, since high security can be achieved, it is suitable for implementation in the case of conducting bank transactions from a smartphone or the like.

As for the reference numerals in the drawings, in principle, the first numerical value represents the drawing number, but the first numerical value in FIG . 7 and the subsequent figures is obtained by adding 2 to the drawing number . Further, symbols having the same lower two digits are assigned to have almost the same functions.
101 Account ID Recording Unit (corresponds to "Account Identifier" in the present invention)
103 encrypted password recording unit 411 account information receiving unit 108 encryption key generation unit (such as 208 and 408, the last two digits are common to 08)
121 Decoding unit (421, 621 etc., the last 2 digits are common to 21)
442 Operation input unit (represented by the "operation panel" of the present invention)
333 Inconsistency Counting Unit 336 Account Database (Including “Account Stop Information Recording Unit” of the present invention)
337 Authentication Permit / Determination Unit 338 Account Activation Status Acquisition Unit

Claims (7)

And account identifier recording unit, and the encrypted password recording unit for recording the encrypted password, and the key base information acquisition unit that acquires the key base information from the operator, an information terminal device connected to the network as well as comprising a The operator who tries to operate the main server via the information terminal device that has the encryption key generation unit that generates the encryption key from the key basic information acquired by the key basic information acquisition unit via the key basic information acquisition unit an authentication device for determining whether permit operation,
After receiving the key basic information obtained by the key basic information acquisition unit of the information terminal device through the network, using the encryption key generated from the key basic information or from the key basic information obtained by the key basic information acquisition unit through the network After receiving the encryption key generated by the encryption key generation unit further included in the information terminal device, the plaintext password of the main server is encrypted by the encryption key, and the encrypted password is transmitted through the network as the information A password encryption unit to be recorded in the encryption password recording unit of the terminal device;
The account identifier recorded in the account identifier recording unit of the information terminal device when determining whether to permit the operator who intends to operate the main server to operate the main server via the information terminal device. An account information receiving unit for receiving the encrypted password recorded by the encrypted password recording unit of the information terminal device ;
When deciding whether or not the operator who intends to operate the main server via the information terminal device is permitted to operate the main server, acquisition of the key basic information of the information terminal device from the information terminal device through the network An encryption key generated by the encryption key generation unit further included by the information terminal device using the encryption key generated from the key basic information after receiving the key basic information obtained by the unit or from the information terminal device through the network by using the encryption key after receiving the key, and a decoding unit for converting the plaintext password to decrypt the encrypted password taken received in the account information receiving unit,
Equipped with
An authentication apparatus characterized by using the account identifier and the plaintext password converted by the decryption unit to determine whether or not the operator who operates the main server is permitted to operate the main server . The authentication device according to claim 1, wherein the key basic information acquisition unit included in the information terminal device is an operation panel. Wherein the key base information acquisition unit that the information terminal device comprises an authentication device according to claim 1, wherein the biometric information obtaining means der Rukoto for acquiring biological information. And disagreement counting unit for counting the refusal decision number of times when you try to operate the main server to the operator to reject determine the operation of the main server has been continuously An account identifier,
An account stop information recording unit that records account stop information indicating that the subsequent authentication process using the account identifier is rejected for the account identifier whose count value in the mismatch counting unit exceeds a predetermined value;
An authentication permission / disapproval determination unit which determines that an operator who is trying to operate the main server is permitted to operate the main server only in the authentication process for the account identifier in which the account stop information recording unit does not record the account stop information ;
The authentication device according to claim 2, comprising:   An authentication program that causes a computer to operate as the authentication device according to claim 2. An account identifier recording unit, an encrypted password recording unit for recording an encrypted password, and a key basic information acquisition unit, and via the information terminal device connected to the network, or further, the key basic information Determine whether or not to allow the operator who operates the main server to operate the main server via the information terminal device including the encryption key generation unit that generates the encryption key from the key basic information acquired by the acquisition unit In the authentication method in the authentication device,
The authentication device encrypts a password using key basic information obtained from the key basic information acquisition unit of the information terminal device, and records the encrypted password in the encrypted password recording unit of the information terminal device.
In the operation permission determination via the information terminal device, the account identifier recorded in the account identifier recording unit of the information terminal device and the encrypted password recorded by the encrypted password recording unit of the information terminal device With receipt
Using the encryption key generated from the key basic information after receiving the key basic information obtained by the key basic information acquisition unit of the information terminal apparatus at the time of operation permission determination via the information terminal apparatus, or the information terminal apparatus After receiving the encryption key generated by the encryption key generation unit further included by the information terminal device from the key basic information obtained by the key basic information acquisition unit of the information terminal device when determining the operation permission via Convert the encrypted password into a plaintext password by decrypting the encrypted password using the key;
A method of authentication in an authentication apparatus , which uses the account identifier and the plaintext password to determine whether an operator who operates the main server is permitted to operate the main server . In deciding whether or not to permit the operation of the main server to the operator who is trying to operate the main server, when the authentication refusal decision of a predetermined number of times is sequentially made for one account identifier, the same account identifier is subsequently determined. authentication method according to claim 6, characterized in that the decision to reject the operation of the main server by the operator attempting to manipulate the main server with.

Images