JP7477683B2 - Information processing device, information processing method, and program - Google Patents

Description

The present invention relates to an information processing device that performs authentication processing.

Conventionally, there have been systems that perform personal authentication using personal information such as passwords and biometric information (see, for example, Patent Document 1).

JP 2002-109439 A

However, until now, there has been no mechanism for authentication using an operation sequence, which is a set of two or more operations.

The information processing device of the first invention is an information processing device that includes an authentication information storage unit in which one or more pieces of authentication information having operation information related to two or more operations by a user are stored, a reception unit that receives an operation sequence that is a set of two or more operations, or operation information acquired from the operation sequence, an authentication unit that performs authentication processing to determine whether the operation information is valid by referring to the authentication information stored in the authentication information storage unit using the operation information acquired from the operation sequence accepted by the reception unit, or the operation information accepted by the reception unit, and an authentication result processing unit that performs processing according to the result of the authentication processing.

This configuration provides a mechanism for authentication using an operation sequence that is a collection of two or more operations.

The information processing device of the second invention is an information processing device in which, compared to the first invention, each of the two or more operations is an operation related to a screen transition of the terminal device.

This configuration provides a mechanism for authentication using a sequence of operations related to screen transitions on a terminal device.

The information processing device of the third invention is an information processing device in which, compared to the first invention, each of the two or more operations is an operation within one app or one window.

This configuration provides a mechanism for authentication using a sequence of operations within one app or one window.

The information processing device of the fourth invention is an information processing device in which, compared to any one of the first to third inventions, the authentication information storage unit stores one or more pieces of authentication information having operation information and a terminal identifier for identifying a terminal device, the reception unit receives an operation sequence from the terminal device, or the operation information acquired from the operation sequence, and the terminal identifier, and the authentication unit performs authentication processing to determine whether or not authentication information having the operation information acquired from the operation sequence received by the reception unit, or the operation information received by the reception unit, and the terminal identifier, exists in the authentication information storage unit.

This configuration makes it possible to provide a server that performs authentication using an operation sequence, which is a set of two or more operations received from one or more terminal devices, and a terminal identifier.

The information processing device of the fifth invention is an information processing device in which the processing according to the result of the authentication processing is processing for logging in to the information processing device, as compared to the fourth invention.

This configuration makes it possible to provide a server that performs authentication using an operation sequence, which is a set of two or more operations received from one or more terminal devices, and a terminal identifier, and allows login from the terminal devices.

The information processing device of the sixth invention is an information processing device according to any one of the first to third inventions, in which the processing according to the result of the authentication processing is processing for unlocking the screen.

This configuration makes it possible to provide a terminal device that uses an operation sequence to perform authentication and unlock the screen.

The information processing device of the seventh invention is an information processing device according to any one of the first to third inventions, in which the processing according to the result of the authentication processing is processing for making one or more apps available.

This configuration makes it possible to provide a terminal device that uses an operation sequence to perform authentication and enable the use of an app.

The information processing device of the eighth invention is an information processing device according to any one of the first to seventh inventions, further comprising a registration unit that receives an operation sequence consisting of operations from the operation following a start operation, which is an operation for acquiring an operation sequence for authentication, to an operation before an end operation, which is an end operation for acquiring an operation sequence for authentication, or operation information acquired from the operation sequence, in association with a terminal identifier, and accumulates in the authentication information storage unit authentication information having the operation information acquired from the operation sequence accepted by the acceptance unit or the operation information accepted by the acceptance unit and the terminal identifier.

With this configuration, by registering an operation sequence in association with a terminal identifier, it is possible to provide a mechanism for performing authentication using the operation sequence for each of one or more terminal devices.

The present invention provides a mechanism for performing authentication using an operation sequence, which is a set of two or more operations.

Block diagram of an information system according to the first embodiment A flowchart illustrating the operation of the information processing device. A flowchart explaining the determination process Data structure of the authentication information A diagram showing the screen transition according to the same operation. A diagram showing the changes on the screen in response to the same operation. Block diagram of an information processing device according to a second embodiment. Computer system overview FIG. 1 is a diagram showing an example of the internal configuration of a computer system.

Two embodiments of an information processing device etc. will be described below with reference to the drawings. Note that components with the same names in each embodiment basically perform similar operations, so only the different operations will be described and a repeated explanation of common operations may be omitted.

In the first embodiment, an information system including an information processing device 1, which is a server that performs authentication for each of one or more terminal devices 2 using an operation sequence that is a set of two or more operations, is described. The operations and operation sequences are described later.

In the second embodiment, we will explain an information processing device 10 that is a standalone terminal device that performs authentication using an operation sequence.

(Embodiment 1)
1 is a block diagram of an information system according to the present embodiment. The information system includes an information processing device 1 and one or more terminal devices 2. The information processing device 1 is communicatively connected to one or more terminal devices 2 via a network such as a LAN or the Internet, or a wireless or wired communication line, for example.

The information processing device 1 is, for example, a server of an organization such as a company or group that provides various online services, but it can also be a cloud server or an ASP server, and its type and location are not important.

The terminal device 2 is, for example, a terminal of a user who uses an online service. The terminal is, for example, a mobile terminal. The mobile terminal is, for example, a smartphone, a tablet terminal, a mobile phone, a notebook PC, etc., but the type does not matter. Alternatively, the terminal may be a stationary PC, and the type does not matter.

Alternatively, the terminal device 2 may be, for example, a terminal of an organization or its staff, regardless of its location.

However, the information processing device 1 may be a standalone device. In other words, the information system may be composed of only one server and may not include one or more terminal devices 2. Such a server may also be considered to be, for example, the information processing device 10 in embodiment 2.

The information processing device 1 includes a storage unit 11, a reception unit 12, a processing unit 13, and an output unit 14. The storage unit 11 includes an authentication information storage unit 111. The processing unit 13 includes an authentication unit 131, an authentication result processing unit 132, and a registration unit 133.

The terminal device 2 includes a terminal storage unit 21, a terminal reception unit 22, a terminal transmission unit 23, a terminal reception unit 24, a terminal processing unit 25, and a terminal output unit 26.

The storage unit 11 constituting the information processing device 1 can store various types of information. Examples of the various types of information include authentication information, which will be described later.

The storage unit 11 may store, for example, one or more pieces of screen configuration information, which will be described later. Other information stored in the storage unit 11 will be explained as appropriate.

The authentication information storage unit 111 stores one or more pieces of authentication information. The authentication information is information related to authentication. In this embodiment, authentication can be said to be, for example, judging whether or not the accepted operation information is valid. The acceptance will be described later.

The authentication information includes operation information. The operation information is information about an operation sequence. An operation sequence is a set of two or more operations. The operations are usually operations on the terminal device 2, but may also be operations on the information processing device 1.

An operation is, for example, an operation on a screen. An operation on a screen is, for example, an operation related to screen transitions (hereinafter, may be referred to as a screen transition operation). A screen transition can be, for example, a state change from a state in which one of two or more screens is displayed to a state in which another screen is displayed, or a repetition of such an information change two or more times.

A screen transition may be, in particular, for example, a state change from a state in which one screen is displayed among two or more screens having an order to a state in which the next or previous screen is displayed, or a repetition of such an information change two or more times.

For example, ordering can be said to mean lining up in order in one direction. The one direction is, for example, from left to right, but it can also be from top to bottom. Alternatively, the one direction can be, for example, from right to left, or from bottom to top, or it can be a diagonal direction such as from diagonally lower left to diagonally upper right. In the following, such a one direction is called the forward direction, and the opposite direction to the one direction is called the reverse direction.

In this embodiment, the two or more screens are specifically assumed to have an order in which the forward direction is, for example, from left to right. However, the order may be, for example, an order in which the forward direction is from top to bottom, an order in which the forward direction is from right to left or from bottom to top, or an order in which the forward direction is a diagonal direction; the type of order is not important. A screen transition between two or more screens having an order is usually a transition to the screen next to the current screen.

Alternatively, the two or more screens may not have any order. In that case, a transition may occur from a state in which one screen is displayed to a state in which any screen is displayed.

However, the operation information may be, for example, information on the result of an operation. The result of an operation is, for example, a screen transition. The operation information indicating a screen transition is, for example, composed of a string of two or more screen identifiers (hereinafter, screen identifier string). The screen identifier string is, for example, "screen 3, screen 2, screen 1, screen 2, screen 3," but the format of expression is not important.

Alternatively, the result of the operation may be, for example, emphasis of the pattern touched on the screen. Emphasis may be, for example, image processing such as enlargement, deformation, colouring, or sharpening, but any process that makes the touched pattern stand out is acceptable. The pattern may be, for example, a folder or icon, but it may also be a button or arrow, and the type does not matter. This type of operation information is, for example, composed of a string of two or more pattern identifiers (hereinafter referred to as a pattern identifier string). The pattern identifier string may be, for example, "folder 1, icon 5, icon 4", but the representation format does not matter.

In the terminal storage unit 21 described later, for example, two or more pieces of screen configuration information corresponding to two or more screens having the above-mentioned order are stored. Each of the two or more pieces of stored screen configuration information is associated with, for example, order information indicating the order of the screen. The order information is, for example, numbers such as "1", "2", "3", etc., but any information that can indicate an order may be used. Note that when two or more pieces of screen configuration information are stored in order according to the order of the two or more screens, order information does not need to be associated with each piece of screen configuration information.

In the following, the screen configuration information associated with sequence information "i" or stored in the i-th position may be referred to as screen configuration information i. Also, a screen configured with screen configuration information i may be referred to as screen i.

A screen transition corresponding to one operation sequence is usually composed of a state change sequence, which is a set of state changes in the same number as the number of operations constituting the operation sequence. Specifically, for example, if the initial state is a state in which screen 3 is displayed and the operation of pressing the "back" button (hereinafter, back operation) is performed twice, the screen transition corresponding to the operation sequence consisting of two back operations (hereinafter, may be written as the operation sequence "back operation, back operation") is composed of two state changes: a first state change from a state in which screen 3 is displayed to a state in which screen 2 is displayed, and a second state change from a state in which screen 2 is displayed to a state in which screen 1 is displayed. Note that, hereinafter, such a screen transition may be written as the screen transition "screen 3, screen 2, screen 1". Also, each of screens 1 to 3 has a "back" button and a "forward" button.

For example, when screen 3 is displayed, if a back operation is performed twice and then the "forward" button is pressed twice (hereinafter, forward operation), the state change sequence corresponding to the operation sequence "back operation, back operation, forward operation, forward operation" consisting of these four operations is composed of four state changes: a first state change from a state in which screen 3 is displayed to a state in which screen 2 is displayed, a second state change from a state in which screen 2 is displayed to a state in which screen 1 is displayed, a third state change from a state in which screen 1 is displayed to a state in which screen 2 is displayed, and a fourth state change from a state in which screen 2 is displayed to a state in which screen 3 is displayed. Note that hereinafter, such screen transitions may be described as "screen 3, screen 2, screen 1, screen 2, screen 3".

However, the number of operations that make up one operation sequence and the number of state changes that make up the screen transition corresponding to that operation sequence do not have to be the same. For example, two or more operations may cause one state change, or one operation may cause two or more state changes. In other words, operations and state changes do not have to correspond one-to-one.

Note that the operation of touching the left arrow (hereinafter, left arrow operation) has a function equivalent to the above-mentioned forward operation in terms of screen transitions. Similarly, the operation of touching the right arrow (hereinafter, right arrow operation) has a function equivalent to the above-mentioned back operation in terms of screen transitions. Therefore, for example, the operation sequence "left arrow operation, left arrow operation" also results in the above-mentioned screen transition "screen 3, screen 2, screen 1". Similarly, the operation sequence "left arrow operation, left arrow operation, right arrow operation, right arrow operation" also results in the above-mentioned screen transition "screen 3, screen 2, screen 1, screen 2, screen 3".

State changes can also be achieved by, for example, a flick operation. Specifically, for example, the above screen transition "Screen 3, Screen 2, Screen 1" can also be achieved by performing a left-to-right flick operation (hereinafter, right flick operation) twice. Also, for example, the above screen transition "Screen 3, Screen 2, Screen 1, Screen 2, Screen 3" can also be achieved by performing a right flick operation twice, followed by a right-to-left flick operation (hereinafter, left flick operation) twice more.

In this way, the type of operation related to the screen transition does not matter. Also, there may be two or more types of operation sequences corresponding to one screen transition.

Furthermore, each of the two or more operation sequences corresponding to one screen transition does not have to be composed of only the same type of operation. Specifically, the operation sequence corresponding to the above screen transition "Screen 3, Screen 2, Screen 1" may be, for example, the operation sequence "Back operation, Right flick operation", the operation sequence "Back operation, Right arrow operation", or the operation sequence "Right flick operation, Right arrow operation". There may be 3 x 3 = 9 types of operation sequences corresponding to the above screen transition "Screen 3, Screen 2, Screen 1". Similarly, there may be 3 x 3 x 3 x 3 = 81 types of operation sequences corresponding to the above screen transition "Screen 3, Screen 2, Screen 1, Screen 2, Screen 3".

Alternatively, the operation on the screen may be an operation within one screen. An operation within one screen means, for example, an operation within one app when only the screen of one app is displayed on the display. Or, when two or more windows displaying the screens of two or more apps are open on the display, it means an operation within one of those windows.

An operation within one app refers to, for example, an operation of touching one icon when two or more predetermined icons (e.g., icon 1, icon 2, icon 3, etc.) are displayed on the screen of one app (e.g., the standby screen of a communication app, etc.).

An operation sequence within an app may be composed of a set of two or more operations in which two or more icons are touched in a specific order, for example, icon 3, icon 2, icon 1. Hereinafter, such an operation sequence may be described as, for example, an operation sequence "icon 3, icon 2, icon 1." Note that the two or more operations that make up one operation sequence may include two or more operations on the same icon. This type of operation sequence may be anything, such as, for example, an operation sequence "icon 3, icon 3, icon 1."

An operation within one window may be, for example, an operation in which one or more folders (e.g., folder 1, folder 2, etc.) are displayed within one app, and in response to an operation of touching one of the folders (e.g., folder 1), a window is opened in which one or more icons (e.g., icon 4, icon 5, etc.) contained in the folder are displayed, and then one or more icons within the window may be touched in a specific order, such as "icon 5, icon 4."

Therefore, an operation sequence that is a set of two or more operations on one screen may be, for example, a set of operations in which two or more icons are touched in a specific order in one app (e.g., "icon 3, icon 2, icon 1"), or a set of operations in which one or more icons in one window are touched in a specific order (e.g., "icon 5, icon 4")

Alternatively, the sequence of operations within one screen may be a set of operations in which a specific folder (e.g., folder 1) is touched within one app, and then one or more icons within that folder are touched in a specific order (e.g., "folder 1, icon 5, icon 4" etc.), or the specific folder further contains one or more other folders (folder 3, folder 4 etc.), and a specific folder (e.g., folder 4) among the other one or more folders contains one or more icons (e.g., icon 6, icon 7 etc.), and after selecting a specific folder, another specific folder within the specific folder is selected, and then one or more icons within the other specific folder are touched (e.g., "folder 1, folder 4, icon 7" etc.).

However, the operation is not limited to an operation on a screen, but may be, for example, an operation on a hardware key or button (e.g., cursor key, home button, etc.), and the type is not important.

The operation information may be, for example, various operation sequences as described above, or may be information acquired from an operation sequence. Information acquired from an operation sequence is, for example, an ID sequence corresponding to the operation sequence. An ID sequence is a set of two or more IDs. An ID is information that identifies an operation. For example, a set of pairs of operations and IDs is stored in the storage unit 11. Note that, below, a pair of an operation and an ID may be referred to as "pair information", and a set of one or more pair information may be referred to as a "pair information group".

The pair information may be, for example, a pair of an operation "back operation" and an ID "1", a pair of an operation "forward operation" and an ID "2", etc. Alternatively, the pair information may be, for example, a pair of an operation "left arrow operation" and an ID "1a", a pair of an operation "right arrow operation" and an ID "2a", etc. Alternatively, the pair information may be, for example, a pair of an operation "right flick operation" and an ID "1b", a pair of an operation "left flick operation" and an ID "1b", etc. Alternatively, the pair information may be, for example, a pair of an operation "icon 1" and an ID "I1", a pair of an operation "icon 2" and an ID "I2", etc. Alternatively, the pair information may be, for example, a pair of an operation "folder 1" and an ID "F1", a pair of an operation "folder 2" and an ID "F2", etc.

The authentication information also typically includes a terminal identifier. The terminal identifier is information that identifies the terminal device 2. The terminal identifier is, for example, an address such as a MAC address or an IP address, an ID, etc., but it can be any information that can identify the terminal device 2. In particular, for example, if the terminal device 2 is a mobile terminal, the terminal identifier can be a user identifier. The user identifier is information that identifies the user of the terminal device 2. The user identifier is, for example, an address, name, email address, mobile phone number, etc., but it can be any information that can identify the user.

However, if the information system includes only one terminal device 2, the authentication information does not need to include a terminal identifier.

Specifically, the authentication information storage unit 111 may store, for example, authentication information having operation information "back operation, back operation, forward operation, forward operation" and a terminal identifier "A" (hereinafter, may be referred to as authentication information 1), authentication information having operation information "back operation, right flick operation" and a terminal identifier "B" (authentication information 2), authentication information having "folder 1, icon 5, icon 4" and a terminal identifier "C" (authentication information 3), etc.

Note that authentication information 1 may be expressed, for example, as "(1, 1, 2, 2), A" using the pair information group described above. Similarly, authentication information 2 may be expressed, for example, as "(1, 1a), B", and authentication information 3 may be expressed, for example, as "(F1, I5, I4), C".

The reception unit 12 receives various types of information. Examples of the various types of information include an operation sequence, operation information, and a terminal identifier. Reception is a concept that includes, for example, the reception of information input from an input device such as a keyboard or a touch panel, the reception of information transmitted via a network or a communication line, and the reception of information read from a recording medium such as a disk or a semiconductor memory.

The reception unit 12 typically receives an operation sequence or operation information and a terminal identifier from one or more terminal devices 2, in association with the terminal identifier.

Specifically, the reception unit 12 receives, for example, operation information "back operation, back operation, forward operation, forward operation" and a terminal identifier "A" from the terminal device 2 of user A. The reception unit 12 may also receive, for example, operation information "back operation, right flick operation" and a terminal identifier "B" from the terminal device 2 of user B. The reception unit 12 may also receive, for example, operation information "folder 1, icon 5, icon 4" and a terminal identifier "C" from the terminal device 2 of user C.

However, if the information system includes only one terminal device 2, the reception unit 12 may receive only the operation sequence or operation information, and may not receive the terminal identifier.

Alternatively, the reception unit 12 may receive an operation sequence via an input device such as a keyboard, and obtain operation information from the received operation sequence using the pair information group stored in the storage unit 11. Specifically, for example, operation information "1, 1, 2, 2" may be obtained from the received operation sequence "back operation, back operation, forward operation, forward operation", operation information "1, 1a" may be obtained from the received operation sequence "back operation, right flick", and operation information "F1, I5, I4" may be obtained from the received operation sequence "folder 1, icon 5, icon 4".

The reception unit 12 may also receive, for example, a start operation and an end operation. A start operation is an operation for starting the acquisition of an operation sequence for authentication, and an end operation is an operation for ending the acquisition of an operation sequence for authentication.

The start operation is, for example, an operation that starts the acquisition of an operation sequence in order to register operation information that constitutes the authentication information. Specifically, this type of start operation may be, for example, pressing a "Register" button or touching a predetermined character string such as "Start registering operation information," and the form is not important.

Alternatively, the start operation may be an operation that starts the acquisition of an operation sequence in order to perform authentication. Specifically, this type of start operation may be, for example, pressing an "authenticate" button or touching a predetermined character string such as "perform authentication," and the form is not important.

The end operation is, for example, an operation to end the acquisition of an operation sequence. Specifically, the end operation may be, for example, pressing an "OK" button or touching a predetermined character string such as "End acquisition of operation sequence," and the manner of the end operation is not important.

For example, in response to receiving a start operation, the reception unit 12 starts a storage operation in which operations following the start operation and subsequent operations are stored in chronological order in an internal memory or the like, and then in response to receiving a termination operation, stops the storage operation for operations following the termination operation and subsequent operations. As a result, an operation sequence consisting of operations following the start operation and subsequent operations up to the termination operation is stored in the internal memory or the like, and the reception unit 12 acquires the operation sequence or operation information acquired from the operation sequence from the internal memory.

The reception unit 12 receives an operation sequence consisting of operations from the operation following the start operation to the operation before the end operation, or operation information acquired from the operation sequence, in association with a terminal identifier. Note that receiving in association may mean, for example, receiving the operation sequence or operation information at the same time as the terminal identifier, receiving the operation sequence or operation information after receiving the terminal identifier, or receiving the terminal identifier after receiving the operation sequence or operation information. As long as it is possible to associate the operation sequence or operation information with the terminal identifier, the timing of receiving each is not important.

The processing unit 13 performs various processes. The various processes are, for example, processes of the authentication unit 131, the authentication result processing unit 132, and the registration unit 133. The processing unit 13 also performs, for example, various determinations that will be explained in the flowcharts. The processing unit 13 may also perform a process of configuring a screen using the screen configuration information stored in the storage unit 1.

The authentication unit 131 performs authentication processing to determine whether the operation information is valid by referring to the authentication information stored in the authentication information storage unit 111 using the operation information acquired from the operation sequence accepted by the acceptance unit 12 or the operation information accepted by the acceptance unit 12.

The authentication unit 131 determines whether or not authentication information having, for example, operation information acquired from an operation sequence accepted by the acceptance unit 12, or operation information accepted by the acceptance unit 12, and a terminal identifier accepted by the acceptance unit 12 in association with the operation sequence or the operation information, exists in the authentication information storage unit 111.

In other words, the authentication unit 131 may be said to determine, for example, for each of one or more terminal identifiers, whether or not the operation information obtained from the accepted operation sequence or the accepted operation information is stored in the authentication information storage unit 111. Note that the operation of the authentication unit 131 described below is an operation related to one terminal identifier, and the authentication unit 131 performs a similar operation for each of one or more terminal identifiers.

The authentication unit 131 may, for example, determine whether or not the operation information acquired from the accepted operation sequence or the accepted operation information is stored in the authentication information storage unit 111. In detail, the authentication unit 131 may, for example, determine that the operation information is valid when authentication information matching the acquired or accepted operation information is stored in the authentication information storage unit 111, whereas it may determine that the operation information is invalid when authentication information matching the acquired or accepted operation information is not stored in the authentication information storage unit 111. Note that invalidity may be rephrased as being unjust.

Here, a match usually means a perfect match. A perfect match means that the number m of operations constituting the stored operation information matches the number n of operations constituting the accepted operation information (m = n), and the combination of m operations constituting the stored operation information matches the combination of n operations constituting the accepted operation information, and even the permutations match. Therefore, for example, if m = n, and the combination of m operations matches the combination of n operations, but the permutations do not match, it is not a perfect match.

Specifically, for example, when the authentication information storage unit 111 stores authentication information "back operation, back operation, forward operation, forward operation" and the reception unit 12 receives operation information "back operation, back operation, forward operation, forward operation," since m=n and the permutation of m operations matches the permutation of m operations, the stored authentication information and the received operation information are a perfect match, and the authentication unit 131 determines that the received operation information is valid. On the other hand, in such a state, for example, when operation information "back operation, forward operation, forward operation, back operation" is received, m=n and the combination of m operations matches the combination of n operations, but the permutation does not match, so there is no perfect match, and the authentication unit 131 determines that the received operation information is invalid.

However, a match may also be considered to include a case where, for example, m=n, and a combination of m operations matches a combination of n operations, but the permutations do not match. In such a case, the authentication unit 131 determines that, for example, the operation information "back operation, forward operation, forward operation, back operation" is also valid.

Furthermore, a match does not usually include a partial match, but it may be considered to include a partial match. A partial match means that the permutation of the m operations that make up the stored operation information partially matches the order of the n operations that make up the accepted operation information. A partial match is, for example, a forward match, but it can also be a backward match, and it does not matter which parts match.

Furthermore, two or more types of operations corresponding to one screen transition are usually considered to be different operations, but may be considered to be the same operation. For example, the storage unit 11 stores a collection (group of group information) of pairs (group information) of a screen transition and one or more types of operations that cause the screen transition. Group information is, for example, a group of a screen transition "return to previous screen" and two or more operations "back operation", "right flick", and "right arrow" (group information 1), a group of a screen transition "progress to next screen" and two or more operations "forward operation", "left flick", and "left arrow" (group information 2), etc.

For example, when the authentication information "back operation, back operation, forward operation, forward operation" is stored and the reception unit 12 receives the operation information "right flick, right flick, left flick, left flick," the authentication unit 131 may use a group of group information composed of the above two pieces of group information 1 and 2, etc., to determine that the operation information matches the authentication information, and judge that the received operation information is valid.

The authentication result processing unit 132 performs processing according to the result of the authentication process. The result of the authentication process may be, for example, "valid" meaning that the operation information is valid, or "invalid" meaning that the operation information is invalid, but the form of expression is not important. The processing according to the result of the authentication process may be, for example, processing for logging in to the information processing device 1. The processing for logging in may be, for example, processing for permitting or not permitting login depending on the result of the authentication process. Alternatively, the processing for logging in may be transmitting or displaying the result of the authentication process. Note that the login is usually a login from one or more terminal devices 2 to the information processing device 1, but may also be a login within the information processing device 1.

For example, the authentication result processing unit 132 may permit login to the information processing device 1 when the authentication unit 131 determines that the operation information is valid, and may reject login to the information processing device 1 when the authentication unit 131 determines that the operation information is invalid.

Alternatively, the process according to the result of the authentication process may be a process for lifting a restriction on a function of the terminal device 2. The restriction on a function may be, for example, a restriction on the launch of an app. For example, when the operation information from the terminal device 2 is determined to be valid, the authentication result processing unit 132 may lift the restriction on the launch of an app on the terminal device 2, whereas when the operation information is determined to be an invalid information processing method, the authentication result processing unit 132 may maintain the restriction on the launch of an app on the terminal device 2. Note that lifting the restriction means, for example, sending a lifting command to the terminal device 2 and changing the terminal device 2 from a state in which the app cannot be launched to a state in which it can be launched in response to the command.

The registration unit 133 accumulates, in the authentication information storage unit 111, authentication information having operation information acquired from the operation sequence accepted by the acceptance unit 12 or the operation information accepted by the acceptance unit 12 and a terminal identifier accepted by the acceptance unit 12 in association with the operation sequence or the operation information.

For example, when the operation information "back operation, back operation, forward operation, forward operation" is received in association with the terminal identifier "A", the registration unit 133 stores the authentication information "(back operation, back operation, forward operation, forward operation), A" in the authentication information storage unit 111. Also, when the operation information "back operation, right flick" is received in association with the terminal identifier "B", the registration unit 133 stores the authentication information "(back operation, right flick), B" in the authentication information storage unit 111. Furthermore, when the operation information "folder 1, icon 5, icon 4" is received in association with the terminal identifier "C", the registration unit 133 stores the authentication information "(folder 1, icon 5, icon 4), C" in the authentication information storage unit 111.

When registering authentication information, for example, the user may return to the home screen and register operations from the home screen as authentication information. The home screen may be the screen that is displayed immediately after startup or unlocking. The home screen may be displayed, for example, in response to pressing the home button while another screen is displayed.

In more detail, for example, in response to the reception unit 12 receiving a start operation, the processing unit 13 determines whether the current screen is a home screen or not, and if it is determined that the current screen is not a home screen, performs processing to transition the current screen to the home screen, and the registration unit 133 registers the operation from the home screen as authentication information. In this way, natural operations from the home screen become authentication information.

In addition, when the authentication information includes, for example, one or more pattern identifiers that identify the patterns of folders, icons, etc. (for example, authentication information 3 in FIG. 4 described later), and the position of one or more patterns (for example, folder 1, icon 5, icon 4) identified by the one or more pattern identifiers is changed, the registration unit 133 may be automatically activated to prompt the user to register the authentication information.

In more detail, for example, the processing unit 13 may determine whether the position of any of the one or more patterns identified by the one or more pattern identifiers has been changed for authentication information stored in the authentication information storage unit 111 and including the one or more pattern identifiers, and if it is determined that the position of any of the patterns has been changed, may activate the registration unit 133 and display information via the output unit 14 that prompts the user to register the authentication information.

The output unit 14 outputs various information. For example, various information is the result of the authentication process. The output is usually transmitted to the terminal device 2, but it can also be displayed on a display, printed out on a printer, stored on a recording medium, or passed to another program, and the form is not important.

The output authentication process result does not have to be the same as the received authentication process result. For example, the storage unit 11 may store a pair of the authentication process result "valid" and the first character string "The application is starting...", and a pair of the authentication process result "invalid" and the second character string "The operation information is incorrect. Please re-enter", and the output unit 14 may output the first character string when the authentication process result "valid" is received, and output the second character string when the authentication process result "invalid" is received. The same matters also apply to the terminal output unit 26 described later.

The output unit 14 may use, for example, the screen configuration information stored in the storage unit 11 to configure a screen as described above and transmit it to the terminal device 2. Alternatively, the output unit 14 may transmit the screen configuration information or a screen identifier to the terminal device 2. The screen identifier is information that identifies a screen. The screen identifier is, for example, a URL, but may also be an ID, or any other information that can identify a screen.

The terminal storage unit 21 constituting the terminal device 2 stores various types of information. The various types of information include, for example, a terminal identifier, one or more apps, and one or more screen configuration information. The apps may be, for example, a communication app or an internet banking app, but the type is not important.

Screen configuration information is information for configuring a screen. Screen configuration information includes, for example, designs, character strings, layout information, and the like. Designs are, for example, images such as icons of various applications, folders containing one or more icons, various buttons such as "forward" and "back," and arrows pointing in various directions such as rightward and leftward.

A character string is, for example, a character string that is associated with a design. Specific examples of this type of character string include character strings such as "forward" and "back" that are associated with buttons. Also, a character string such as an app name may be associated with an icon. Alternatively, the character string may be an independent character string that is not associated with a design.

Layout information is information that indicates the arrangement, within a screen, of one or more elements, such as images or character strings, that make up a screen. Layout information is, for example, a set of one or more coordinates that correspond to one or more elements. However, the data structure of the screen configuration information is not important.

The terminal reception unit 22 receives various types of information. Examples of the various types of information include an operation sequence or operation information obtained from the operation sequence.

The terminal transmission unit 23 transmits various types of information to the information processing device 1. The various types of information include, for example, a terminal identifier, an operation sequence, and operation information. For example, the terminal transmission unit 23 transmits to the information processing device 1 an operation sequence accepted by the terminal reception unit 22 or operation information acquired from the operation sequence, in association with a terminal identifier stored in the terminal storage unit 21. Note that the operation sequence transmitted may include a case where only one operation is included. In other words, the terminal transmission unit 23 may transmit an operation each time the terminal reception unit 22 accepts the operation.

The terminal receiving unit 24 receives various information from the information processing device 1. The various information is, for example, the result of the authentication process. The terminal receiving unit 24 may also receive screen configuration information or information about the screen, etc. from the information processing device 1.

The device processing unit 25 performs various types of processing. Examples of various types of processing include configuring a screen and launching an app. The device processing unit 25 configures a screen using screen configuration information stored in the device storage unit 21, for example. Note that the device processing unit 25 may configure a screen using screen configuration information received by the device receiving unit 24, for example. In addition, the device processing unit 25 launches an app when the device receiving unit 24 receives an authentication processing result of "legitimate", for example.

The terminal output unit 26 outputs various types of information. Examples of the various types of information include authentication processing results and screens. The output by the terminal output unit 26 is usually displayed on a display, but it can also be printed out on a printer, stored on a recording medium, or passed to another program, and the form is not important.

The terminal output unit 26, for example, displays the authentication processing result received by the terminal receiving unit 24 on a display. The terminal output unit 26 also displays, for example, a screen configured by the device processing unit 25 on a display.

The storage unit 11, the authentication information storage unit 111, and the terminal storage unit 21 are preferably non-volatile recording media such as a hard disk or flash memory, but can also be realized with a volatile recording medium such as RAM. Note that the same points also apply to the storage unit 101 and the authentication information storage unit 1011 described in the second embodiment.

The process by which information is stored in the storage unit 11, etc. is not important. For example, information may be stored in the storage unit 11, etc. via a recording medium, information transmitted via a network or communication line, etc. may be stored in the storage unit 11, etc., or information inputted via an input device may be stored in the storage unit 11, etc.

The reception unit 12 and the terminal reception unit 22 may or may not be considered to include an input device. The reception unit 12 and the like may be realized by the driver software of the input device, or by the input device and its driver software. The same points also apply to the reception unit 102 described in the second embodiment.

The processing unit 13, authentication unit 131, authentication result processing unit 132, registration unit 133, and device processing unit 25 can usually be realized by an MPU, memory, etc. The processing procedures of the processing unit 13, etc. are usually realized by software, and the software is recorded in a recording medium such as a ROM. However, the processing procedures may also be realized by hardware (dedicated circuitry). Note that the same points also apply to the processing unit 103, authentication unit 1031, authentication result processing unit 1032, and registration unit 1033 described in embodiment 2.

The output unit 14 and the terminal output unit 26 may or may not be considered to include output devices such as a display or a speaker. The output unit 14 and the like may be realized by the driver software of the output device, or by the output device and its driver software. The same points also apply to the output unit 104 described in the second embodiment.

The terminal transmitter 23 and the transmission function of the output unit 14 are typically implemented using wired or wireless communication means (e.g., a communication module such as a network interface controller (NIC) or a modem), but may also be implemented using broadcasting means (e.g., a broadcasting module).

The terminal receiving unit 24 and the receiving function of the acceptance unit 12 are typically realized by wired or wireless communication means, but may also be realized by a means for receiving broadcasts (e.g., a broadcast receiving module).

Next, the operation of the information system will be described using the flowcharts in Figures 2 and 3. Figure 2 is a flowchart that explains the operation of the information processing device 1.

(Step S201) The processing unit 13 determines whether the reception unit 12 has received an operation sequence consisting of two or more operations for authentication. Note that reception in this flowchart is usually reception from the terminal device 2, and the reception unit 12 receives the operation sequence for authentication in association with, for example, a terminal identifier. However, if there is only one terminal device 2, the reception unit 12 does not need to receive a terminal identifier.

For example, when the reception unit 12 receives a start operation from the terminal device 2, and then receives two or more operations following the start operation and then receives an end operation, the processing unit 13 considers that the two or more operations from the operation following the start operation to the operation before the end operation are an operation sequence for authentication, and determines that the operation sequence for authentication has been accepted. If the reception unit 12 determines that the operation sequence for authentication has been accepted, the process proceeds to step S202, and if it determines that the operation sequence has not been accepted, the process returns to step S201.

(Step S202) The processing unit 13 constructs operation information using the operation sequence accepted in step S201.

(Step S203) The authentication unit 131 determines whether the operation information configured in step S202 is valid, and obtains a variable indicating the result of the determination. Note that the determination will be explained using the flowchart in FIG. 3.

(Step S204) The processing unit 13 determines whether the variables acquired in step S203 indicate validity. If the acquired variables indicate validity, the process proceeds to step S205, and if they indicate invalidity, the process proceeds to step S206.

(Step S205) The authentication result processing unit 132 executes a process for when the accepted operation information is valid. Then, the process returns to step S201.

(Step S206) The processing unit 13 determines whether or not the receiving unit 12 has received an operation that accepts the judgment result that the operation information constructed in step S202 is invalid. Note that an operation that accepts the judgment result that the operation information is invalid is, for example, an operation of pressing the "Cancel" button or turning off the power in response to an output that the operation information is invalid, but any operation that can accept the judgment result is acceptable.

(Step S207) The authentication result processing unit 132 executes processing for when the accepted operation information is invalid. Then, the process returns to step S201.

In the flowchart of FIG. 2, for example, steps S201 and S202 may be changed to steps S201a and S202a described below, and step S201b described below may be added between steps S201a and S202a.

(Step S201a) The processing unit 13 determines whether the reception unit 12 has received an operation.

(Step S201b) The processing unit 13 stores the operation accepted in step S201a in the storage unit 11.

(Step S202b) The processing unit 13 constructs operation information using an operation sequence consisting of two or more operations stored in the storage unit 11.

In the flowchart of FIG. 2, the process starts, for example, when the "Authenticate" button is pressed, when the information processing device 1 is turned on, or when a program is started, and ends, for example, when the "OK" button is pressed, when the power is turned off, or when an interrupt occurs to end the process. However, the trigger for starting or ending the process is not important.

Figure 3 is a flowchart explaining the determination process.

(Step S301) The authentication unit 131 obtains, from the authentication information storage unit 111, authentication information corresponding to the terminal identifier associated with the operation sequence accepted in step S201.

(Step S302) The authentication unit 131 determines whether the operation information configured in step S202 matches the authentication information acquired in step S301. If the configured operation information matches the acquired authentication information, the process proceeds to step S303; if they do not match, the process proceeds to step S304.

(Step S303) The authentication unit 131 sets the variable to "legitimate". Then, the process returns to the upper level.

(Step S304) The authentication unit 131 sets the variable to "invalid". Then, it returns to the upper level process.

The specific operation of the information system in this embodiment will be described below. Note that the following description can be modified in various ways and does not limit the scope of the present invention in any way.

The information system in this example includes an information processing device 1 and two or more terminal devices 2. The information processing device 1 is a bank server that provides online services such as Internet banking. Note that the information processing device 1 may be operated by, for example, a bank employee.

Of the two or more terminal devices 2, one (hereinafter, sometimes referred to as terminal device 2A) is a terminal of user A who uses the bank's online service, another (hereinafter, terminal device 2B) is a terminal of user B who uses the same service, and the remaining one (hereinafter, terminal device 2C) is a terminal of user C who uses the same service.

The terminal storage unit 21 of terminal device 2A stores a terminal identifier "A." The terminal storage unit 21 of terminal device 2B stores a terminal identifier "B." The terminal storage unit 21 of terminal device 2C stores a terminal identifier "C."

In addition, two or more pieces of screen configuration information (for example, three pieces of screen configuration information 1 to 3) are stored in the terminal storage unit 21 of each of the terminal devices 2A to 2C. The screen configuration information 1 to 3 is information for configuring the screens 1 to 3.

Furthermore, the authentication information storage unit 111 of the information processing device 1 stores, for example, two or more pieces of authentication information as shown in FIG. 4. FIG. 4 is a data structure diagram of authentication information. The authentication information has operation information and a terminal identifier. Each of the two or more pieces of authentication information stored corresponds to an ID (for example, "1", "2", "3", etc.).

For example, authentication information associated with ID "1" (hereinafter, authentication information 1) has operation information (back operation, back operation, forward operation, forward operation) and terminal identifier "A". Furthermore, authentication information associated with ID "2" (authentication information 2) has operation information (back operation, right flick) and terminal identifier "B". Furthermore, authentication information 3 has operation information (folder 1, icon 5, icon 4) and terminal identifier "C".

The stored authentication information 1 to 3 is information that the reception unit 12 receives from each of the terminal devices 2A, 2B, and 2C, and that the registration unit 133 accumulates. An example of the operation during registration has been described above, so it will not be repeated.

Now, suppose that screen 3 is displayed on the display of terminal device 2A, and user A inputs an operation sequence for authentication via the touch panel of terminal device 2A. The input operation sequence is made up of four operations 1 to 4, where operation 1 is a back operation, operation 2 is a back operation, operation 3 is a forward operation, and operation 4 is a forward operation.

In the terminal device 2A, the terminal reception unit 22 receives the above operation sequence "back operation, back operation, forward operation, forward operation." The terminal output unit 26 outputs screen 2 in response to the first back operation, outputs screen 1 in response to the next back operation, outputs screen 2 in response to the next forward operation, and outputs screen 3 in response to the next forward operation. As a result, the display transitions, for example, as shown in FIG. 5.

Figure 5 is a diagram showing screen transitions according to operations. The display transitions from screen 3 to screen 2 according to operation 1, from screen 2 to screen 1 according to operation 2, from screen 1 to screen 2 according to operation 3, and from screen 2 to screen 3 according to operation 4. Although omitted in Figure 5, screen 4 and screen 5 also exist after screen 3. Screen 3 is the middle screen of the five screens 1 to 5, and it is also possible to transition from screen 3 to screen 4, and from screen 4 to screen 5, for example.

The terminal transmission unit 23 acquires the terminal identifier "A" from the terminal storage unit 21, and transmits the accepted operation sequence "back operation, back operation, forward operation, forward operation" to the information processing device 1 in association with the acquired terminal identifier "A."

In the information processing device 1, the reception unit 12 receives the above operation sequence paired with the terminal identifier "A", and the processing unit 13 uses the received operation sequence to construct operation information (back operation, back operation, forward operation, forward operation) paired with the terminal identifier "A".

The authentication unit 131 uses authentication information 1 having the terminal identifier "A" from among the two or more pieces of authentication information stored in the authentication information storage unit 111, and determines that the configured operation information is valid because the operation information "back operation, back operation, forward operation, forward operation" configured as described above matches the operation information held by the authentication information 1 (back operation, back operation, forward operation, forward operation), and obtains the determination result "valid."

When the judgment result "legitimate" is obtained, the authentication result processing unit 132 allows login from the terminal device 2A. Specifically, the authentication result processing unit 132 obtains, for example, a screen of the bank's homepage from the storage unit 11, and the output unit 14 transmits the obtained screen to the terminal device 2A.

In the terminal device 2A, the terminal receiving unit 24 receives the above screen, and the terminal output unit 26 outputs the received screen via the display. As a result, the screen of the bank's homepage is displayed on the display of the terminal device 2A, and User A can receive services such as internet banking.

In the above operation example, if the sequence of operations input by user A is composed of, for example, four operations 1 to 4, where operation 1 is a back operation, operation 2 is a forward operation, operation 3 is a forward operation, and operation 4 is a back operation, the operation information composed of this sequence of operations does not match the operation information held by authentication information 1, so the authentication unit 131 determines that the operation information is invalid and obtains a determination result of "invalid."

If the number of operations constituting the operation sequence is a number other than 4, such as 3 or 5, or if the operation information obtained from the operation sequence only partially matches the operation information constituting the authentication information, the judgment result is "invalid."

In response to the judgment result "invalid", the authentication result processing unit 132 rejects the login from the terminal device 2A and performs error processing. Specifically, the authentication result processing unit 132 obtains, for example, from the storage unit 11, a screen having the character string "The operation information is invalid. Please re-enter the operation sequence." that prompts the user to re-enter the operation sequence, and the output unit 14 transmits the obtained screen to the terminal device 2A.

In the terminal device 2A, the terminal receiving unit 24 receives the above screen, and the terminal output unit 26 outputs the received screen via the display. As a result, a screen having the above character string is displayed on the display of the terminal device 2A, and user A can re-input the operation sequence in the same manner as above. If the user accepts the refusal of login because he or she cannot remember the registered operation sequence, the user can perform an operation such as pressing the "Cancel" button, and the display will transition to a screen that provides guidance on registering an operation sequence.

When screen 3 is displayed on the display of terminal device 2B and user B inputs an operation sequence via the touch panel of terminal device 2B, the operation sequence is as follows. The input operation sequence is composed of two operations 1 and 2, where operation 1 is a back operation and operation 2 is a right flick.

In terminal device 2B, the terminal reception unit 22 receives the operation sequence "back operation, right flick", and the terminal output unit 26 outputs screen 2 in response to the first back operation, and outputs screen 1 in response to the next right flick. As a result, the display transitions from screen 3 to screen 2 in response to operation 1, and from screen 2 to screen 1 in response to operation 2, for example, as shown in FIG. 5. The terminal transmission unit 23 obtains the terminal identifier "B" from the terminal storage unit 21, and transmits the received operation sequence "back operation, right flick" to the information processing device 1 in association with the terminal identifier "B".

In the information processing device 1, the reception unit 12 receives the above operation sequence paired with the terminal identifier "B", and the processing unit 13 uses the received operation sequence to compose operation information (back operation, right flick) paired with the terminal identifier "B". The authentication unit 131 uses the authentication information 2 having the terminal identifier "B" to determine that the composed operation information is valid because the composed operation information "back operation, right flick" matches the operation information (back operation, right flick) contained in the authentication information 2, and obtains a judgment result of "valid". In response to the obtained judgment result of "valid", the authentication result processing unit 132 allows login from the terminal device 2B.

If the sequence of operations input by user B is composed of, for example, two operations 1 and 2, where operation 1 is a back operation and operation 2 is a back operation, the operation information composed of such a sequence of operations does not match the operation information contained in authentication information 2, and therefore the authentication unit 131 determines that the operation information is invalid and obtains a judgment result of "invalid." In response to the obtained judgment result of "invalid," the authentication result processing unit 132 rejects login from terminal device 2B and performs error processing.

For example, as shown in the upper part of FIG. 6, a screen including two folders 1 and 2 (F1 and F2 in FIG. 6) and three icons 1 to 3 (I1 to I3 in FIG. 6) is displayed on the display of terminal device 2C, and when user C inputs a sequence of operations via the touch panel of terminal device 2C, the operation is as follows. The input sequence of operations is made up of three operations 1 to 3, where operation 1 is an operation of touching folder 1, operation 2 is an operation of touching icon I5 in folder 1, and operation 3 is an operation of touching icon I4 in folder 1.

In the terminal device 2C, the terminal reception unit 22 receives the above operation sequence "Folder 1, Icon 5, Icon 4", and the terminal output unit 26 outputs two icons 4 and 5 (I4 and I5 in the figure) in folder 1 in response to the initial touch on folder 1, as shown in the lower part of FIG. 6, and in response to the next touch on icon 5, highlights icon 5, as shown in the lower left part of FIG. 6, and in response to the next touch on icon 4, highlights icon 4.

As a result, the display screen transitions from the top of FIG. 6 to the bottom left of FIG. 6, and from the bottom left of FIG. 6 to the bottom right of FIG. 6. The terminal transmission unit 23 acquires the terminal identifier "C" from the terminal storage unit 21, and transmits the accepted operation sequence "folder, icon 5, icon 4" to the information processing device 1 in association with the terminal identifier "C."

In the information processing device 1, the reception unit 12 receives the above operation sequence paired with the terminal identifier "C", and the processing unit 13 uses the received operation sequence to construct operation information (folder 1, icon 5, icon 4) paired with the terminal identifier "C". The authentication unit 131 uses the authentication information 3 having the terminal identifier "C" to determine that the constructed operation information is legitimate because the constructed operation information "folder, icon 5, icon 4" matches the operation information (folder, icon 5, icon 4) contained in the authentication information 3, and obtains a judgment result of "legitimate". In response to the obtained judgment result of "legitimate", the authentication result processing unit 132 allows login from the terminal device 2C.

If the sequence of operations input by user C is, for example, composed of three operations 1 to 3, where operation 1 is an operation of touching folder 1, operation 2 is an operation of touching icon I4 in folder 1, and operation 3 is an operation of touching icon I5 in folder 1, the operation information composed of this sequence of operations does not match the operation information contained in the authentication information 3, so the authentication unit 131 determines that the operation information is invalid and obtains a judgment result of "invalid." In response to the obtained judgment result of "invalid," the authentication result processing unit 132 rejects login from terminal device 2C and performs error processing.

As described above, according to this embodiment, the authentication information storage unit 111 stores one or more pieces of authentication information having operation information related to two or more operations by a user, and the information processing device 1 accepts an operation sequence which is a set of two or more operations, or operation information acquired from the operation sequence, and uses the operation information acquired from the accepted operation sequence, or the accepted operation information, to refer to the authentication information stored in the authentication information storage unit 111 and perform authentication processing to determine whether the operation information is valid or not, and performs processing according to the result of the authentication processing, thereby providing a server that performs authentication using an operation sequence which is a set of two or more operations.

In addition, in the above configuration, since each of the two or more operations is an operation related to a screen transition of the terminal device 2, the information processing device 1 can provide a server that performs authentication using an operation sequence related to the screen transition of the terminal device 2.

In addition, in the above configuration, each of the two or more operations is an operation within one app or one window, so that the information processing device 1 can provide a server that performs authentication using a sequence of operations within one app or one window.

In addition, in the above configuration, the authentication information storage unit 111 stores one or more pieces of authentication information having operation information and a terminal identifier that identifies the terminal device 2, and the information processing device 1 receives an operation sequence or operation information acquired from the operation sequence and a terminal identifier from the terminal device 2, and performs an authentication process to determine whether or not authentication information having operation information acquired from the received operation sequence or the received operation information and a terminal identifier exists in the authentication information storage unit 111. By doing so, the information processing device 1 can provide a server that performs authentication using an operation sequence that is a set of two or more operations received from one or two or more terminal devices 2 and a terminal identifier.

In addition, in the above configuration, the processing according to the result of the authentication processing is processing for logging in to the information processing device 1, so that the information processing device 1 performs authentication using an operation sequence, which is a set of two or more operations received from one or more terminal devices 2, and a terminal identifier, and can provide a server that allows login from the terminal device 2.

In addition, the information processing device 1 accepts an operation sequence consisting of operations from the operation following the start operation, which is an operation for acquiring an operation sequence for authentication, to the operation before the end operation, which is an end operation for acquiring an operation sequence for authentication, or operation information acquired from the operation sequence, in association with a terminal identifier, and stores the operation information acquired from the accepted operation sequence, or authentication information having the accepted operation information and the terminal identifier, in the authentication information storage unit 111, thereby registering the operation sequence in association with the terminal identifier, thereby providing a server that performs authentication using the operation sequence for each of one or more terminal devices 2.

In this embodiment, the authentication information storage unit 111 stores two or more pieces of operation information related to two or more operations by the user as authentication information, but each of the two or more pieces of operation information may be stored in association with position information related to the position of the operation. The position information may be, for example, position information (e.g., a pair of x and y coordinates) of the touch position when a finger touches the screen in each operation, or position information on the screen of a design such as an icon or folder selected in each operation (e.g., a pair of row number and column number).

In detail, the reception unit 12 receives each piece of operation information together with the location information, and the registration unit 133 stores each piece of received operation information in the authentication information storage unit 111 in pairs with the location information received together with the operation. The authentication unit 131 can increase the strength of authentication by performing authentication taking into account the location information in addition to the operation information.

The position information is not limited to information about a position as described above, but may be, for example, information about the amount of movement. The amount of movement is, for example, the amount of movement of the touch position when a finger touches the screen in each operation (for example, a combination of the amount of movement in the x-axis direction and the amount of movement in the y-axis direction). In this way, by using the movement information of the touch position for authentication, it is possible to increase the authentication strength.

Alternatively, the amount of movement may be, for example, the amount of movement of a design such as an icon selected in each operation (for example, a set of the amount of movement in the x-axis direction and the amount of movement in the y-axis direction). The amount of movement of the design may be, for example, considered to be the amount of movement of the mouse. Specifically, for example, when the information processing device 1 is a personal computer and an application is started by double-clicking a shortcut placed on the desktop with the mouse, the user may first select the shortcut with a single click of the mouse, move the selected shortcut by sliding the mouse, and then double-click the mouse to start the application. In this way, by also using mouse movement information for authentication, the authentication strength can be increased.

The processing in this embodiment may be realized by software. This software may be distributed by software download or the like. This software may also be recorded on a recording medium such as a CD-ROM and distributed. This also applies to the other embodiments in this specification. The software that realizes the information processing device in this embodiment is, for example, a program such as the following.

In other words, the authentication information storage unit 111 stores one or more pieces of authentication information having operation information related to two or more operations by a user, and this program causes the computer to function as a reception unit 12 that receives an operation sequence, which is a set of two or more operations, or operation information acquired from the operation sequence, an authentication unit 131 that performs authentication processing using the operation information acquired from the operation sequence accepted by the reception unit 12 or the operation information accepted by the reception unit 12 to refer to the authentication information stored in the authentication information storage unit 111 and determine whether the operation information is valid, and an authentication result processing unit 132 that performs processing according to the result of the authentication processing.

(Embodiment 2)
7 is a block diagram of information processing device 10 according to the present embodiment. Information processing device 10 includes a storage unit 101, a reception unit 102, a processing unit 103, and an output unit 104. Storage unit 101 includes an authentication information storage unit 1011. Processing unit 103 includes an authentication unit 1031, an authentication result processing unit 1032, and a registration unit 1033.

Each of the elements 101 to 104, 1011, and 1031 to 1033 constituting the information processing device 10 operates in the same manner as each of the elements 11 to 14, 111, and 131 to 133 constituting the information processing device 1 in embodiment 1, except for the following points.

The storage unit 101 stores a terminal identifier and one or more pieces of screen configuration information.

The authentication information storage unit 111 stores one or more pieces of authentication information, but the authentication information storage unit 1011 typically stores only one piece of authentication information.

The reception unit 12 typically receives an operation sequence or operation information from one or more terminal devices 2 in association with a terminal identifier, but the reception unit 102 receives the operation sequence or operation information via an input device such as a keyboard or a touch panel.

For each of one or more terminal identifiers, the authentication unit 131 performs authentication processing to determine whether or not the operation information is valid by referring to authentication information corresponding to the terminal identifier among one or more pieces of authentication information stored in the authentication information storage unit 1011, but the authentication unit 1031 performs authentication processing to determine whether or not the operation information is valid by referring to one piece of authentication information stored in the authentication information storage unit 1011.

For each of one or more terminal identifiers, the authentication result processing unit 132 performs processing according to the result of the authentication process that references the authentication information corresponding to that terminal identifier, whereas the authentication result processing unit 1032 performs processing according to the result of the authentication process based on one piece of authentication information.

In the first embodiment, the processing according to the result of the authentication processing was, for example, processing for permitting login to the information processing device 1 from one or more terminal devices 2, but in the present embodiment, it is processing for, for example, unlocking the screen or enabling the use of one or more apps within the information processing device 10.

The registration unit 133 stores one or more pieces of authentication information having operation information and a terminal identifier in the authentication information storage unit 111, whereas the registration unit 1033 stores one piece of authentication information having operation information in the authentication information storage unit 1011. However, the authentication information in this embodiment may also have operation information and a terminal identifier.

The operation of the information processing device 10 is basically the same as that described in the first embodiment using the flowcharts of Figs. 2 and 3. However, whereas in the first embodiment, the operation sequence and the like are normally received from the terminal device 2, in the present embodiment, the operation sequence and the like are normally received via an input device such as a touch panel.

A specific example of the operation of the information processing device 10 is basically the same as the specific example of the operation of the information processing device 1 constituting the information system in embodiment 1, except for the following. That is, the information processing device 1 receives operation sequences, etc. from each of the two or more terminal devices 2A-2C, but the information processing device 10 accepts the operation sequences, etc. via an input device. Also, the information processing device 1 performs authentication and other processes for each of the two or more terminal devices 2A-2C, but the information processing device 10 only performs authentication and other processes related to the information processing device 10 itself. Furthermore, the information processing device 1 transmits screens, etc. to each of the two or more terminal devices 2A-2C, but the information processing device 10 outputs the screens, etc. via an output device.

As described above, according to this embodiment, the authentication information storage unit 1011 stores one or more pieces of authentication information having operation information related to two or more operations by a user, and the information processing device 10 accepts an operation sequence which is a set of two or more operations, or operation information acquired from the operation sequence, and performs authentication processing to determine whether the operation information is valid by referring to the authentication information stored in the authentication information storage unit 1011 using the operation information acquired from the accepted operation sequence, or the accepted operation information, and performs processing according to the result of the authentication processing, thereby providing a terminal device that performs authentication using an operation sequence which is a set of two or more operations.

In addition, in the above configuration, since each of the two or more operations is an operation related to a screen transition of the terminal device, the information processing device 10 can provide a terminal device that performs authentication using an operation sequence related to the screen transition of the terminal device.

In addition, in the above configuration, each of the two or more operations is an operation within one app or one window, so that the information processing device 10 can provide a terminal device that performs authentication using a sequence of operations within one app or one window.

In addition, in the above configuration, the processing according to the result of the authentication processing is processing for unlocking the screen, so that the information processing device 10 can provide a terminal device that performs authentication using an operation sequence and unlocks the screen.

In addition, in the above configuration, the processing according to the result of the authentication processing is processing for enabling one or more apps, so that the information processing device 10 can provide a terminal device that performs authentication using an operation sequence and enables the use of apps.

In addition, the information processing device 10 accepts an operation sequence consisting of operations from the operation following the start operation, which is an operation for acquiring an operation sequence for authentication, to the operation before the end operation, which is an end operation for acquiring an operation sequence for authentication, or operation information acquired from the operation sequence, in association with a terminal identifier, and accumulates the operation information acquired from the accepted operation sequence, or authentication information having the accepted operation information and the terminal identifier, in the authentication information storage unit 1011, thereby registering the operation sequence in association with the terminal identifier, thereby making it possible to provide a terminal device that performs authentication using the operation sequence for the terminal device.

The processing in this embodiment may be realized by software. This software may be distributed by software download or the like. This software may also be recorded on a recording medium such as a CD-ROM and distributed. This also applies to the other embodiments in this specification. The software that realizes the information processing device 10 in this embodiment is, for example, a program such as the following.

In other words, the authentication information storage unit 1011 stores one or more pieces of authentication information having operation information related to two or more operations by a user, and this program causes the computer to function as a reception unit 102 that receives an operation sequence, which is a set of two or more operations, or operation information acquired from the operation sequence, an authentication unit 1031 that performs authentication processing using the operation information acquired from the operation sequence accepted by the reception unit 102 or the operation information accepted by the reception unit 102 to refer to the authentication information stored in the authentication information storage unit 1011 and determine whether the operation information is valid, and an authentication result processing unit 1032 that performs processing according to the result of the authentication processing.

Figure 8 is an external view of a computer system 900 that executes a program in this embodiment to realize an information processing device 1, etc. This embodiment can be realized by computer hardware and a computer program executed thereon. In Figure 8, the computer system 900 includes a computer 901 including a disk drive 905, a keyboard 902, a mouse 903, and a display 904. Note that the entire system including the keyboard 902, mouse 903, and display 904 may also be referred to as a computer.

Figure 9 is a diagram showing an example of the internal configuration of a computer system 900. In Figure 9, the computer 901 includes, in addition to a disk drive 905, an MPU 911, a ROM 912 for storing programs such as a boot-up program, a RAM 913 connected to the MPU 911 for temporarily storing instructions for application programs and providing temporary storage space, a storage 914 for storing application programs, system programs, and data, a bus 915 for interconnecting the MPU 911, the ROM 912, etc., and a network card 916 for providing a connection to networks such as an external network and an internal network. The storage 914 is, for example, a hard disk, an SSD, or a flash memory.

The program that causes the computer system 900 to execute the functions of the information processing device 1, etc., may be stored on a disk 921, such as a DVD or CD-ROM, inserted into the disk drive 905, and transferred to the storage 914. Alternatively, the program may be sent to the computer 901 via a network and stored in the storage 914. The program is loaded into the RAM 913 when executed. The program may be loaded directly from the disk 921 or the network. The program may also be read into the computer system 900 via another removable recording medium (e.g., a DVD or a memory card) instead of the disk 921.

The program 901 showing details of the computer does not necessarily have to include an operating system (OS) for executing functions of the information processing device 1, or a third party program, etc. The program may include only an instruction portion for calling appropriate functions or modules in a controlled manner to obtain a desired result. How the computer system 900 operates is well known, and a detailed description will be omitted.

The above-mentioned computer system 900 is a server or a desktop PC, but the terminal device 2 may be realized as a mobile terminal such as a smartphone, a tablet terminal, or a notebook PC. In this case, it is desirable to replace the keyboard 902 and mouse 903 with a touch panel, the disk drive 905 with a memory card slot, and the disk 921 with a memory card, for example. However, the above is an example, and the hardware configuration of the computer that realizes the information processing device 1, etc. is not important.

In the above program, the transmission step of transmitting information and the reception step of receiving information do not include processing performed by hardware, such as processing performed by a modem or interface card in the transmission step (processing that is performed only by hardware).

The program may be executed by a single computer or multiple computers. In other words, the program may be executed by centralized processing or distributed processing.

It goes without saying that in each of the above embodiments, two or more communication means (such as the terminal transmitting unit 23 and the terminal receiving unit 24) present in one device may be realized physically in one medium.

In addition, in each of the above embodiments, each process (each function) may be realized by centralized processing in a single device (system), or may be realized by distributed processing among multiple devices.

The present invention is not limited to the above-described embodiment, and various modifications are possible, and it goes without saying that these are also included within the scope of the present invention.

As described above, the information processing device according to the present invention has the effect of providing a mechanism for performing authentication using an operation sequence that is a set of two or more operations, and is useful as an information processing device, etc.

Reference Signs List 1, 10 Information processing device 2 Terminal device 11, 101 Storage unit 11, 101 Each element 12, 102 Reception unit 13, 103 Processing unit 14, 104 Output unit 21 Terminal storage unit 22 Terminal reception unit 23 Terminal transmission unit 24 Terminal reception unit 25 Terminal processing unit 26 Terminal output unit 111, 1011 Authentication information storage unit 131, 1031 Authentication unit 132, 1032 Authentication result processing unit 133, 1033 Registration unit

Claims (8)

an authentication information storage unit for storing one or more pieces of authentication information having operation information related to two or more operations by a user, the operation information being related to a screen transition which is a state change from a state in which one screen is displayed to a state in which a next screen or a previous screen is displayed among two or more screens having a sequence, or a screen transition which is a repetition of the state change two or more times;
a reception unit that receives an operation sequence, which is a set of operations related to a screen transition, or operation information acquired from the operation sequence;
an authentication unit that performs an authentication process that uses operation information acquired from an operation sequence accepted by the acceptance unit or the operation information accepted by the acceptance unit, and refers to authentication information stored in the authentication information storage unit, and determines whether the operation information is valid;
an authentication result processing unit that performs processing according to a result of the authentication processing,
An information processing device, wherein the operation information is information including two or more screen identifiers, or information including information indicating an operation to go back a screen and information indicating an operation to go forward a screen. The information processing device according to claim 1, further comprising a registration unit that stores in the authentication information storage unit operation information acquired from an operation sequence accepted by the acceptance unit, or authentication information having the operation information accepted by the acceptance unit and a terminal identifier. The reception unit is
accepting an operation sequence consisting of operations from a start operation, which is an operation for acquiring an operation sequence for authentication, to an end operation, which is an end operation for acquiring an operation sequence for authentication, or operation information acquired from the operation sequence, in association with a terminal identifier;
2. The information processing apparatus according to claim 1, further comprising a registration unit configured to store in the authentication information storage unit operation information acquired from an operation sequence received by the reception unit, or authentication information having the operation information received by the reception unit and the terminal identifier. The authentication information includes one or more image identifiers that identify images of folders or icons;
The registration unit is
4. The information processing device according to claim 2, further comprising a process for prompting registration of the authentication information when a position of one or more patterns identified by the one or more pattern identifiers is changed. An information processing method implemented by an authentication information storage unit, a reception unit, an authentication unit, and an authentication result processing unit, in which one or more pieces of authentication information having operation information related to two or more operations by a user are stored, the operation information being related to a screen transition which is a state change from a state in which one screen is displayed to a state in which a next screen or a previous screen is displayed among two or more screens having a sequence, or an operation related to a screen transition which is a repetition of the state change two or more times,
a receiving step in which the receiving unit receives an operation sequence which is a set of operations related to screen transitions, or operation information acquired from the operation sequence;
an authentication step in which the authentication unit performs an authentication process of determining whether or not the operation information is valid by referring to authentication information stored in the authentication information storage unit using operation information acquired from the operation sequence accepted by the acceptance unit or the operation information accepted by the acceptance unit;
an authentication result processing step in which the authentication result processing unit performs processing according to a result of the authentication processing;
An information processing method, wherein the operation information is information including two or more screen identifiers, or information including information indicating an operation to go back a screen and information indicating an operation to go forward a screen. 6. An information processing method according to claim 5, which is realized by the authentication information storage unit, the reception unit, the authentication unit, the authentication result processing unit, and a registration unit,
6. The information processing method according to claim 5, further comprising a registration step in which the registration unit accumulates in the authentication information storage unit operation information obtained from the operation sequence accepted in the reception step, or authentication information having the operation information accepted in the reception step and a terminal identifier. a computer that can access an authentication information storage unit in which one or more pieces of authentication information are stored, the authentication information having operation information relating to two or more operations by a user, the operation information being a screen transition that is a state change from a state in which one screen is displayed to a state in which a next screen or a previous screen is displayed among two or more screens having a sequence, or a screen transition that is a repetition of the state change two or more times;
a reception unit that receives an operation sequence, which is a set of operations related to a screen transition, or operation information acquired from the operation sequence;
an authentication unit that performs an authentication process that uses operation information acquired from an operation sequence accepted by the acceptance unit or the operation information accepted by the acceptance unit, and refers to authentication information stored in the authentication information storage unit, and determines whether the operation information is valid;
A program for causing an authentication result processing unit to perform processing according to a result of the authentication processing,
The operation information is information including two or more screen identifiers, or information including information indicating an operation to go back a screen and information indicating an operation to go forward a screen. The computer,
The program according to claim 7, further functioning as a registration unit that accumulates in the authentication information storage unit operation information acquired from an operation sequence accepted by the acceptance unit, or authentication information having the operation information accepted by the acceptance unit and a terminal identifier.

Images