JP2014164672A - Authentication device and authentication method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enhance safety of password authentication, while preventing reduction in convenience of an authorized user.SOLUTION: A digit code generation unit 42 allocates a specific one of a plurality of codes as a digit code to each digit of a password registered by an authorized user. A digit code notification unit 44 gives information on the digit codes for the digits of the password to the authorized user. An error processing unit 54 transmits error information showing a mismatch state with the digit codes to a user to be authenticated when a character string input by the user to be authenticated is not coincident with the password. The error processing unit 54 determines the user to be authenticated as an unauthorized user when a character string input again by the user to be authenticated after the error information is transmitted is not coincident with the password and past coincident digits are not coincident with the password.

Description

  The present invention relates to a data processing technique, and more particularly to an authentication technique using a password.

  Currently, password authentication that uses a password to confirm a user's identity is widely used. As a main method of password authentication, there is a method in which a user memorizes a password character string and the user inputs the password character string into the system when authentication is necessary. For example, Patent Document 1 below proposes a technique for providing information indicating the position of an erroneous digit to a user when the user inputs an incorrect password character string.

JP-A-2005-149388

  By the way, a brute force attack is well known as a technique adopted by an attacker who tries to steal another person's password. As described above, in the technique of the above-described Patent Document 1, the position of the error digit is provided to the login attempter in order to maintain user convenience. However, the present inventor considered that when the login attempter is an attacker, the attacker can specify the password of the authorized user by changing the character of the error digit many times.

  The present invention has been made on the basis of the above-mentioned problem recognition of the present inventor, and its main purpose is to provide a technique for effectively increasing the security of password authentication while suppressing a decrease in convenience for a legitimate user. There is.

  In order to solve the above problems, an authentication device according to an aspect of the present invention includes a password holding unit that stores a password registered by a legitimate user, and a digit symbol that stores a symbol assigned to each digit of the password as a digit symbol. A storage unit, a digit symbol notifying unit for notifying the authorized user of the digit symbol of each digit of the password, and error information indicating the mismatch status by digit symbols when the character string entered by the authenticated user does not match the password. An error processing unit for notifying the authenticated user. The error processing unit determines that the user to be authenticated is an unauthorized user when the character string re-input by the user to be authenticated after notifying the error information does not match the password and the digits that have been matched in the past do not match this time.

  Another aspect of the present invention is also an authentication device. This device includes a password holding unit for storing a password registered by an authorized user, a digit symbol holding unit for storing a symbol assigned to each digit of the password as a digit symbol, and a digit symbol for each digit of the password. And an error processing unit for notifying the authenticated user of error information indicating a mismatch status with a digit symbol when the character string input by the authenticated user does not match the password. If the character string re-input by the authenticated user after notifying the error information does not match the password and the previously matched digit also matches this time, the error processing unit re-inputs the character string again by the authenticated user. To give permission.

  Yet another embodiment of the present invention is an authentication method. The method includes assigning a specific symbol as a digit symbol among a plurality of symbols for each digit of a password registered by the authorized user, notifying the authorized user of the digit symbol of each digit of the password, When the character string entered by the authenticated user does not match the password, a step of notifying the authenticated user of error information indicating a mismatch status by a digit symbol, and a character string re-input by the authenticated user after notification of the error information However, when the digits that do not match the password and the digits that matched in the past do not match this time, the information processing apparatus executes a step of determining the authenticated user as an unauthorized user.

  Yet another embodiment of the present invention is also an authentication method. The method includes assigning a specific symbol as a digit symbol among a plurality of symbols for each digit of a password registered by the authorized user, notifying the authorized user of the digit symbol of each digit of the password, When the character string entered by the authenticated user does not match the password, a step of notifying the authenticated user of error information indicating a mismatch status by a digit symbol, and a character string re-input by the authenticated user after notification of the error information However, the information processing apparatus executes a step of permitting the re-input of the character string by the authenticated user when the digit that does not match the password and the digit that matched in the past also matches this time.

  It should be noted that any combination of the above-described constituent elements and a representation of the present invention converted between a system, a program, a recording medium storing the program, etc. are also effective as an aspect of the present invention.

  ADVANTAGE OF THE INVENTION According to this invention, the safety | security of password authentication can be improved effectively, suppressing the fall of the convenience of a regular user.

It is a figure which shows the structure of the information processing system of embodiment. It is a block diagram which shows the function structure of the authentication server of FIG. It is a figure which shows the structure of an error history. It is a flowchart which shows operation | movement of an authentication server. It is a figure which shows an account registration screen. It is a figure which shows a digit code notification screen. It is a flowchart which shows operation | movement of an authentication server. It is a figure which shows a login screen. It is a figure which shows a login screen. It is a figure which shows the transition of an error digit, and the example of a determination result.

An outline will be described before the configuration of the embodiment is described.
One of the main methods for password authentication is to store a password character string in the user and allow the user to input the password character string into the system when authentication is required, such as when logging into the system. About this technique, the present inventor has recognized the following problems.
(1) In many cases, characters entered in the password input field are displayed as abbreviated characters (for example, “*”, etc.), so it is difficult to determine which part is wrong.
(2) If a brute force attack is made by an attacker, the password is revealed.

  By the way, in a system that performs user authentication using a password declared by a user, there may be a limit on the number of authentication failures. For example, there is a system that automatically locks a user's account and rejects subsequent logins when the number of authentication failures reaches 3. On the other hand, while portable information terminals such as smartphones are rapidly spreading, portable information terminals are generally not high in information input operability, and even a legitimate user cannot input an incorrect password unintentionally. It is expected to occur in the future. If the account is locked for a legitimate user, it is considered that convenience for the legitimate user is impaired.

  Therefore, in the authentication device according to the embodiment, at the time of password registration by the user, some symbol (hereinafter, also referred to as “digit code”) corresponding to each character digit of the password is randomly generated to correspond to each character digit of the password. Present the digit code to the user. In the subsequent authentication process, if the character string entered as the password by the user (hereinafter also referred to as the “login attempter”) does not match the registered password, the digit code indicating the mismatched digit is presented to the login attempter. To do. As a result, it is possible to indicate a place where the input password is incorrect in a form that can be discriminated only by an authorized user who has previously notified the digit code.

  Also, in the authentication device of the embodiment, when the number of consecutive authentication failures is 2 or more, whether the digit that matches the password already registered in the past authentication processing is not inconsistent in this comparison for the input password Confirm. If an error digit not in the past does not occur, authentication is permitted again. On the other hand, if an error digit not in the past occurs, it is determined that the authentication request source is not an authorized user but an attacker. Deny authentication.

  As a result, even if an incorrect password is entered for a legitimate user, re-authentication is permitted, and the correct position is supported by presenting the error position with a digit code. To suppress the decline in convenience. It is also possible to quickly identify an attacker and block password stealing by the attacker. For example, it is possible to prevent a legitimate user's password from being specified by a brute force attack.

  FIG. 1 shows a configuration of an information processing system according to an embodiment. The information processing system 100 includes a user terminal 10a, a user terminal 10b, a user terminal 10c, which are collectively referred to as a user terminal 10, an authentication server 12, and a business server 14. 1 are connected via a communication network 16 including a LAN, a WAN, the Internet, and the like.

  The user terminal 10 is an information device operated by a user. The user terminal 10 displays information provided from the authentication server 12 or the business server 14 on a predetermined display. Typically, a web browser is installed in the user terminal 10 to display a web page indicating a login screen or a service screen. The user terminal 10 may be a smartphone, a mobile phone, a tablet terminal, or a general PC.

  The authentication server 12 is an information processing apparatus that requests access to the business server 14 (hereinafter, also referred to as “requests to log in to the authentication server 12”) and performs identity verification processing for the user. The authentication server 12 confirms whether or not the login attempter is an authorized user by password authentication. It is also said that the authentication server 12 has succeeded in authenticating that the login attempter has been certified as a legitimate user, and that the authentication has failed in that it has been certified that the login attempter has not been a legitimate user.

  The business server 14 provides a predetermined service to a regular user who has succeeded in password authentication by the authentication server 12. For example, a web page describing various information permitted to be provided to the authorized user (for example, a product purchase screen, user personal information, company business information, etc.) is transmitted to the user terminal 10 of the authorized user. To display.

  The “regular user” in the description of the embodiment is a user who has a proper access right to the business server 14. It can also be said that the user has registered an account with the authentication server 12 by a regular procedure (registered ID and password). The “login attempter” in the embodiment is a user who requests login to the authentication server 12 and can be said to be an authenticated user who is authenticated by the authentication server 12. The login attempter may be a legitimate user, or may be an attacker who hits the legitimate user, that is, performs an illegal login by specifying the legitimate user ID.

  FIG. 2 is a block diagram showing a functional configuration of the authentication server 12 of FIG. The authentication server 12 includes a control unit 20 that executes various data processing for password authentication, and a data holding unit 22 that is an area for storing various setting information and data to be processed by the control unit 20. Although not shown in FIG. 2, the authentication server 12 also includes a communication processing unit that communicates with an external device according to a predetermined communication protocol. The control unit 20 transmits and receives data to and from an external device as appropriate via the communication processing unit.

  Each block shown in the block diagram of the present specification can be realized in terms of hardware by an element such as a CPU and a memory of a computer or a mechanical device, and in terms of software, it can be realized by a computer program or the like. , Depicts functional blocks realized by their cooperation. Therefore, those skilled in the art will understand that these functional blocks can be realized in various forms by a combination of hardware and software.

  For example, a program module corresponding to each functional block in FIG. 2 may be stored in the storage of the authentication server 12. And the function of the control part 20 may be implement | achieved when CPU of the authentication server 12 reads those program modules to the main memory and executes them. Further, the data holding unit 22 may be realized by a storage device such as a storage or a main memory.

  The data holding unit 22 includes a password holding unit 30, a digit code holding unit 32, and an error history holding unit 34. The password holding unit 30 holds the user ID registered by the authorized user and the password character string (hereinafter also referred to as “registered password”) in association with each other. The digit code holding unit 32 holds the digit code assigned by the later-described digit code generating unit 42 to the password character string registered by the authorized user. Specifically, a user ID, identification information for each digit, and a digit code for each digit are stored in association with each other.

  The error history holding unit 34 accumulates the status of the authentication process for the login attempter. In particular, information indicating a transition of a mismatch situation between a password character string input as a password by a login attempter and a registered password is accumulated as an error history. FIG. 3 shows the structure of the error history. The error history holding unit 34 includes, as an error history, an authentication ID that is identification information of a series of authentication processes for a certain login attempter, a user ID input by the login attempter, the number of authentications, and an error digit indicating a mismatched portion. The identification information is associated and held.

  Returning to FIG. 2, the control unit 20 includes an account registration unit 40, a digit code generation unit 42, a digit code notification unit 44, a login screen provision unit 46, an input character string acquisition unit 48, and an authentication determination unit 50. The authentication success processing unit 52 and the error processing unit 54 are included.

  The account registration unit 40 transmits an account registration screen to the user terminal 10 for display. Then, the user ID and password data input by the user on the account registration screen are received from the user terminal 10. The account registration unit 40 records the user ID and password received from the user terminal 10 in the password holding unit 30 in association with each other. A user who registers his / her account in the authentication server 12 in this way is called a regular user in the embodiment.

  The digit code generation unit 42 randomly assigns a specific symbol from among a plurality of predetermined symbols to each of the plurality of digits in the password character string of the authorized user acquired by the account registration unit 40. At that time, different symbols are assigned to each digit. Also, it is desirable to assign different symbols for each user even in the same digit (for example, the first digit), and in the embodiment, a symbol is randomly selected for each digit for each user. The symbol assigned to each digit of the password character string is hereinafter referred to as “digit code”.

  The digit code may be any character (alphabet, kanji, hiragana, etc.), any number, and any pattern or illustration. A plurality of symbols may be assigned to one digit. As an example, the digit code generation unit 42 sets “A” as the symbol indicating the first digit, “Q” as the symbol indicating the second digit, and the symbol indicating the third digit for the four-digit password “taro”. “R” may be assigned as a symbol indicating the fourth digit.

  However, it is desirable for the digit code to be difficult to determine the number of digits other than the person who registered the password. Therefore, for example, it is desirable to exclude characters, numbers, and illustrations that explicitly indicate “first digit”, “first”, and “1” as symbols assigned to the first digit of the password. In other words, if it is assumed that a person other than the password registrant recalls the association with a particular digit position, that particular symbol may be excluded from the symbol indicating that particular digit position. desirable. The digit code generation unit 42 stores the generated digit code (for example, the symbol “A”) in the digit code holding unit 32 in association with the regular user ID and digit identification information (for example, “first digit”).

  The digit code notifying unit 44 notifies the digit code generated by the digit code generating unit 42 to the user terminal 10 of the authorized user who registered the account. In the embodiment, as a response to the account registration request, a digit code notification screen indicating the digit code assigned to each digit of the password is transmitted to the user terminal 10 for display. In this way, the digit code can be said to be a note that only the password registrant can know the correspondence with the digit position of the password.

  The login screen providing unit 46 transmits a login screen to the authentication server 12 to the user terminal 10 for display. For example, when a legitimate user or an attacker (hereinafter also referred to as “login attempter”) accesses the business server 14 via the user terminal 10, the user is not logged in to the authentication server 12 (authentication by the authentication server 12 is not performed yet). ), The business server 14 may redirect to the login screen of the authentication server 12. This login screen is provided with a user ID input field and a password input field.

  The input character string acquisition unit 48 uses a character string of a user ID (hereinafter referred to as “input ID”) and a password (hereinafter also referred to as “input password”) input by the login attempter on the login screen. Receive from the terminal 10. The authentication determination unit 50 identifies the registration password associated with the input ID in the password holding unit 30, and determines whether or not the input password matches the registration password. If they match, information indicating the success of authentication is passed to the authentication success processing unit 52 in association with the user ID.

  When the input password and the registration password do not match, the authentication determination unit 50 identifies a portion where the input password and the registration password do not match. Specifically, it is specified how many digits of the input password do not match the registered password. In other words, it specifies how many digits of the registered password were not entered correctly. The authentication determination unit 50 passes the information indicating the authentication failure, the user ID, and the error digit information indicating the mismatched portion to the error processing unit 54.

  When the authentication success processing unit 52 is notified of authentication success from the authentication determination unit 50, the authentication success processing unit 52 executes predetermined authentication success processing for the login attempter. For example, a web page indicating that the login is successful may be transmitted to the user terminal 10 of the login attempter and displayed. Further, a web page (HTML code) including data indicating that the login to the authentication server 12 has been successful and including a redirect command to the business server 14 may be transmitted to the user terminal 10. If the error history associated with the user ID that has been successfully authenticated exists in the error history holding unit 34, the authentication success processing unit 52 deletes the error history.

  When an authentication failure is notified from the authentication determination unit 50, the error processing unit 54 executes a process at the time of authentication failure for the login attempter. The error processing unit 54 includes an error history update unit 60, an attacker determination unit 62, an error information generation unit 64, and an authentication failure processing unit 66.

  The error history update unit 60 stores the user ID and error digit information passed from the authentication determination unit 50 in the error history holding unit 34 in association with the authentication ID. As shown in FIG. 3, when an error history in which the same user ID as the user ID passed from the authentication determination unit 50 (that is, the input ID) already exists, the error history update unit 60 stores the existing error history. Increase the number of authentications and additionally record error digit information.

  As a modification, instead of determining the presence of an existing error history based on the user ID, the presence of the existing error history may be determined based on the session ID. For example, the session ID is issued to the user terminal 10 of the login attempter who provided the login screen, the authentication determination unit 50 notifies the authentication failure together with the session ID, and the error history update unit 60 includes the session ID in the error history. It may be recorded. When there is already an error history in which the same session ID as the session ID passed from the authentication determination unit 50 already exists, the error history update unit 60 increases the number of authentications of the existing error history, and stores error digit information. You may record additionally.

  The attacker determination unit 62 refers to the error history associated with the input ID among the error histories recorded in the error history update unit 60, and determines whether or not the login attempter who has failed in authentication is an attacker. To do. In other words, it is determined whether or not a login attempter who has failed in authentication meets a predetermined standard for certifying as an attacker.

  Specifically, if the number of authentication failures for the login attempter is one, execution of re-authentication processing for the login attempter is permitted. In other words, the login attempter is allowed to enter the password again, giving the login opportunity again. In this case, the attacker determination unit 62 instructs the error information generation unit 64 to generate error information.

  On the other hand, if the number of authentication failures for the login attempter is 2 or more, the attacker determination unit 62 determines the error digits in the past authentication process for the error digits of the input password (digits that do not match the registered password), Compare the error digits in this authentication process. In other words, the difference between the previously matched digit and the currently matched digit is determined.

  The attacker determination unit 62 determines that the login attempter is an attacker when the previously matched digit is not matched this time, in other words, when a new error digit that did not exist in the past occurs, and authentication failure processing is performed to that effect. Notification to the unit 66. In this case, the subsequent authentication process for the login attempter is rejected. If the previously matched digit matches this time, in other words, if there is no new error digit that did not exist in the past, the login attempter is not recognized as an attacker and the login attempter is allowed to authenticate again. . In this case, the error information generation unit 64 is instructed to generate error information in the same manner as when the number of authentication failures is one.

  When the error information generation unit 64 receives an error information generation instruction from the attacker determination unit 62, the error information generation unit 64 generates error information indicating the content of the password authentication error by at least some digit codes. Then, the generated error code is presented to the login attempter.

  Specifically, the error information generation unit 64 acquires the digit code associated with the input ID of the login attempter from the digit code holding unit 32. Then, among the digit codes corresponding to each digit of the registered password, the digit code corresponding to the error digit of the input password is extracted as an error code. The error information generating unit 64 passes the extracted error code to the login screen providing unit 46. The login screen providing unit 46 is a login screen for allowing the login attempter to input the password again, and transmits the data of the login screen in which the error code is set to the user terminal 10 for display.

  The authentication failure processing unit 66 executes a predetermined process for the attacker when notified by the attacker determination unit 62 that the login attempter is determined to be an attacker. In the embodiment, processing for rejecting subsequent authentication processing for the login attempter is executed. For example, an account lock process for the user ID input by the login attempter may be executed, and subsequent logins using the user ID may be set to be rejected regardless of the input password. Alternatively, the IP address of the user terminal 10 of the login attempter may be recorded as a reject address, and an authentication request from a device in which the IP address is set may be always rejected.

The operation of the authentication server 12 having the above configuration will be described below.
FIG. 4 is a flowchart showing the operation of the authentication server 12. The figure shows an operation related to user account registration in the authentication server 12. When the account registration unit 40 is requested from the user terminal 10 to provide an account registration screen, the account registration unit 40 transmits data on the account registration screen to the user terminal 10. FIG. 5 shows an account registration screen. When a user who wishes to register an account inputs a desired user ID and password and presses the registration button, the user terminal 10 transmits an account registration request message specifying the input user ID and password to the authentication server 12. .

  Upon receiving the account registration request message (Y in S10), the account registration unit 40 stores the user ID and password specified in the message in the password holding unit 30 (S12). The digit code generation unit 42 generates a digit code (for example, “AQr8”) corresponding to each digit of the registration password (for example, “taro”) and stores it in the digit code holding unit 32 (S14). The digit code notifying unit 44 notifies the user terminal 10 of the generated digit code (S16). If no account registration request is accepted (N in S10), S12 to S16 are skipped.

  FIG. 6 shows a digit code notification screen. Here, “taro” in FIG. 5 is a registered password, and in FIG. 6, “A”, “Q”, “r”, and “8” are assigned as codes indicating the first to fourth lines of the password, respectively. It shows that. Note that “Over” in the figure indicates that the number of characters of the input password exceeds the number of characters of the registered password, and in this example, the digit code “9” is assigned.

  FIG. 7 is also a flowchart showing the operation of the authentication server 12. The figure shows an operation related to user authentication processing in the authentication server 12. The user terminal 10 of the login attempter who wishes to log in to the authentication server 12, in other words, who wants to access the business server 14, requests the authentication server 12 to provide a login screen. When receiving the request (Y in S20), the login screen providing unit 46 transmits the data of the login screen to the user terminal 10 (S22).

  FIG. 8 shows a login screen. The original password is “taro”, and it is assumed here that the login attempter inputs “jiro”. In the login screen of FIG. 8, the characters entered in the password field are displayed in the lowercase. When the user presses the login button, the user terminal 10 transmits an authentication request message (in other words, a login request message) specifying the user ID and password input on the login screen to the authentication server 12.

  Returning to FIG. 7, the input character string acquisition unit 48 waits for an authentication request message from the user terminal 10 (N in S24), and when receiving the authentication request message (Y in S24), the input ID specified in the message The input password data is passed to the authentication determination unit 50. When the combination of the input ID and the input password exists in the password holding unit 30, in other words, when the registered password associated with the input ID matches the input password, the authentication determination unit 50 Judge that authentication was successful. If the authentication is successful (Y in S26), the authentication success processing unit 52 executes a predetermined authentication success process for the login attempter (S28). For example, a process for redirecting the user terminal 10 of the login attempter to the business server 14 is executed.

  If the authentication fails (N in S26), the authentication determination unit 50 identifies the error digit (S30), and the error history update unit 60 records the error history in the error history holding unit 34 (S32). For example, if an error history specifying the same ID as the input ID has already been recorded, the error history update unit 60 increments the number of authentications of the existing error history and records an error digit. If an error history specifying the same ID as the input ID is not recorded, a new error history specifying the input ID is recorded in the error history holding unit 34.

  The attacker determination unit 62 specifies the number of authentication failures with reference to the error history associated with the input ID of the login attempter. If the number of authentication failures is 1 (N in S34), the error information generation unit 64 creates an error code indicating the mismatch between the input password and the registered password using a digit code associated with the input ID. Then, it is passed to the login screen providing unit 46 (S36). Thereafter, returning to S22, the login screen providing unit 46 transmits the data of the login screen including the error code to the user terminal 10 to be displayed.

  FIG. 9 shows a login screen. As described above with reference to FIG. 8, the input password is “jiro” where the registration password is “taro”. That is, the first digit and the second digit of the input password are illegal. Therefore, in the login screen of FIG. 9, “A” indicating the first digit and “Q” indicating the second digit of the digit codes of FIG. 6 are shown as error codes. If the login attempter is a legitimate user, the digit code has been notified at the time of password registration, and the error digits “A” and “Q” can be seen to grasp the error digit. Thus, by indicating the error digits of the input password in a manner that can be understood only by the authorized user, it is possible to assist in inputting the correct password when the login attempter is the authorized user. On the other hand, if the login attempter is an unauthorized attacker, the error digit cannot be determined by looking at the error code.

  Returning to FIG. 7, if the number of authentication failures is two or more (Y in S34), the attacker determination unit 62 sets the past correct digit (the digit where the input password and the registered password match) to the current authentication. Check if an error has occurred. If there is no error in the past correct digits (N in S38), the process proceeds to S36. On the other hand, if an error has occurred in the past correct digits (Y in S38), the attacker determination unit 62 recognizes the login attempter as an unauthorized user. Then, the authentication failure processing unit 66 executes predetermined authentication failure processing for the login attempter (S40). For example, a web page describing that authentication is rejected is provided and displayed on the user terminal 10 of the login attempter. If a request for providing a login screen is not received from the user terminal 10 (N in S20), the subsequent processing is skipped and the flow of FIG.

  Although not shown in FIG. 7, when the input password at the time of authentication is longer than the registered password, the authentication determination unit 50 notifies the error processing unit 54 to that effect, and the error history update unit 60 of the error processing unit 54 Record “Over” in the error history. If “Over” is present in the error history and the “Over” is detected again at the time of subsequent authentication failure, in other words, if the re-entered password is longer than the registered password, the attacker determination unit 62 At this point, the login attempter is determined to be an attacker. That is, if “Over” is recorded continuously a plurality of times, it is immediately determined as an attacker.

  FIG. 10 shows examples of error digit transitions and determination results. The authentication ID, user ID, number of times of authentication, and error digit data in FIG. In the authentication process for the input ID “sato”, the authentication has failed three times, but any error digits after the second are included in the previous error digits. In other words, in the second authentication, a new error digit that does not exist in the first authentication error digit does not occur, and in the third authentication, a new error digit that does not exist in the second authentication error digit does not occur. Therefore, the attacker determination unit 62 does not recognize the login attempter as an attacker and permits re-authentication, and the error information generation unit 64 presents an error code to the login attempter. In this example, the authentication is successful for the fourth time. Since “Over” is detected in the first authentication, if “Over” is detected in the second and subsequent authentications, the login attempter is identified as an attacker at that time and Deny the authentication process.

  On the other hand, in the authentication process for the input ID “tanaka”, the authentication has failed twice, and in the second authentication, a new error digit “4” that is not in the error digit of the first authentication has occurred. Therefore, the attacker determination unit 62 recognizes the login attempter as an attacker. As a result, the error code is not presented to the login attempter and the password input opportunity is not given again, and subsequent authentication processing for the login attempter is rejected.

  Further, in the authentication process for the input ID “yamada”, the authentication has failed three times, and the error digit “1” is once again generated in the third authentication while being temporarily canceled in the second authentication. The attacker determination unit 62 recognizes the attacker based on the latest error history (in the example of the figure, the error history of the second authentication instead of the first authentication). Specifically, if an error digit at the time of an authentication failure is not included in an error digit at the time of the previous authentication failure, the login attempter is recognized as an attacker. In the example of “yamada”, the error digit “1” in the third authentication is detected in the first authentication, but not detected in the second authentication immediately before, so that it is recognized as an attacker in the third authentication.

  In this way, the authentication server 12 notifies the login attempter of an error code when the first authentication failure occurs. After that, when the login attempter tries to log in again, if an unprecedented error digit occurs, the login attempter is considered an unauthorized user who does not know the digit code. Therefore, the authentication server 12 rejects subsequent authentication for the login attempter when an unprecedented new error digit occurs in the authentication of the input password after the error code notification. For example, the acceptance of the authentication request is refused at the account level or the IP address level.

  As a result, even if there is an error in the password input for a legitimate user, the log-in convenience is suppressed by permitting another log-in attempt while presenting an error code. On the other hand, by rejecting subsequent authentications when an unprecedented error digit occurs in password authentication, login attempts by attackers who do not know the digit code can be quickly eliminated, and passwords due to attacker brute force attacks can be eliminated. Leakage can be effectively prevented.

  The present invention has been described based on the embodiments. This embodiment is an exemplification, and it will be understood by those skilled in the art that various modifications can be made to combinations of the respective constituent elements and processing processes, and such modifications are also within the scope of the present invention. is there. A modification is shown below.

  A first modification will be described. In the above embodiment, a digit code indicating a digit that does not match the input password and the registered password is extracted from the digit codes generated in advance for the registered password and presented to the login attempter. As a modification, a digit code indicating a digit that matches the input password and the registered password may be extracted from the digit code and presented to the login attempter. As another modified example, digit codes of each digit may be arranged, and a digit code string obtained by converting a digit code of a mismatched part or a matched part into another symbol may be presented to the login attempter. That is, the error processing unit 54 is a situation where the input password and the registered password do not match. Conversely, the error processing unit 54 may present the matching situation to the login attempter using at least a part of the digit code. Also in this modified example, if the login attempter is a regular user, it is possible to recognize an incorrect digit of the input password and support the input of the correct password.

  A second modification will be described. Although not mentioned in the above embodiment, the attacker determination unit 62 may determine that the login attempter is an attacker even when the number of authentication processing failures reaches a predetermined number of times. You may decide to refuse authentication processing. However, the specified number of times is set to a value larger than a general allowable number of times of authentication processing failure (for example, three times). For example, it may be set to 10 times or 20 times.

  A third modification will be described. The digit code notifying unit 44 of the above embodiment presents the digit code corresponding to the registered password to the password registrant user on the account registration response screen. As a modification, the digit code notifying unit 44 may transmit an electronic mail describing the digit code to the registrant's terminal. In addition, the digit code may be notified to the registrant offline such as a letter. In this case, the digit code notifying unit 44 stores the digit code in a device or file that stores information on the authorized user who should be notified of the digit code. It may be recorded, in other words, a predetermined process for supporting the digit code notification to the authorized user may be executed.

  A fourth modification will be described. In the above embodiment, when the user authentication is successful, the error history associated with the user ID (which may be a session ID as described above) is deleted. As a modification, when the authentication is successful, the authentication success processing unit 52 may save the error history related to the user who has succeeded in password authentication in a predetermined storage area while invalidating the error history in the subsequent attacker determination. For example, instead of deleting the error history when authentication is successful, an invalid flag indicating that the error history is not used may be set in the error history. Further, the error history may not be deleted, and may be saved in a storage area different from the error history holding unit 34 in a mode that is not used for the attacker determination in the subsequent authentication. As a result, the authentication server 12 and its administrator can execute processing utilizing the past results of authentication errors.

  For example, the authentication server 12 may further include a password change processing unit that refers to an error history (that is, past authentication error results) left after successful authentication and prompts the user to change the password. The password change processing part identifies the digit position of the password where the past authentication error has occurred, and the password change request message (password is changed because the current digit ○ is easy to be mistaken. A change promotion message) may be transmitted to the user terminal 10 to allow the user to confirm. Thereby, it becomes easy to increase the success rate of subsequent password authentication by a regular user, and the convenience of the regular user in password authentication can be improved.

  Any combination of the above-described embodiments and modifications is also useful as an embodiment of the present invention. The new embodiment generated by the combination has the effects of the combined embodiment and the modified examples. In addition, it should be understood by those skilled in the art that the functions to be fulfilled by the constituent elements described in the claims are realized by the individual constituent elements shown in the embodiments and the modified examples or by their linkage. .

  10 user terminal, 12 authentication server, 30 password holding unit, 32 digit code holding unit, 34 error history holding unit, 40 account registration unit, 42 digit code generating unit, 44 digit code notifying unit, 46 login screen providing unit, 48 input A character string acquisition unit, 50 authentication determination unit, 54 error processing unit, 60 error history update unit, 62 attacker determination unit, 64 error information generation unit, 100 information processing system.

Claims (4)

A password holding unit for storing passwords registered by authorized users;
A digit symbol holding unit for storing a symbol assigned to each digit of the password as a digit symbol;
A digit symbol notifying unit for notifying authorized users of the digit symbol of each digit of the password;
An error processing unit for notifying the authenticated user of error information indicating a mismatch situation by the digit symbol when a character string input by the authenticated user does not match the password;
With
If the character string re-input by the authenticated user after notifying the error information does not match the password and the previously matched digit does not match this time, the error processing unit identifies the authenticated user as an unauthorized user. An authentication device characterized in that it is determined. A password holding unit for storing passwords registered by authorized users;
A digit symbol holding unit for storing a symbol assigned to each digit of the password as a digit symbol;
A digit symbol notifying unit for notifying authorized users of the digit symbol of each digit of the password;
An error processing unit for notifying the authenticated user of error information indicating a mismatch situation by the digit symbol when a character string input by the authenticated user does not match the password;
With
The error processing unit, when the character string re-input by the authenticated user after notifying the error information does not match the password, and the previously matched digit also matches this time, the character string by the authenticated user An authentication device characterized by permitting further re-input. Assigning a specific symbol as a digit symbol among a plurality of symbols for each digit of a password registered by an authorized user;
Notifying a legitimate user of the digit symbol of each digit of the password;
A step of notifying the authenticated user of error information indicating a mismatch situation by the digit symbol when a character string input by the authenticated user does not match the password;
The character string re-input by the authenticated user after the notification of the error information does not match the password, and when the past matched digits do not match this time, determining the authenticated user as an unauthorized user;
An authentication method characterized in that the information processing apparatus executes. Assigning a specific symbol as a digit symbol among a plurality of symbols for each digit of a password registered by an authorized user;
Notifying a legitimate user of the digit symbol of each digit of the password;
A step of notifying the authenticated user of error information indicating a mismatch situation by the digit symbol when a character string input by the authenticated user does not match the password;
If the character string re-input by the authenticated user after notification of the error information does not match the password and the previously matched digit also matches this time, the re-input of the character string by the authenticated user is permitted. And steps to
An authentication method characterized in that the information processing apparatus executes.

Images