
WO2007029849A1 - Personal password management method and system, personal password association assistance apparatus and program, and authentication server - Google Patents


Info

Publication number
WO2007029849A1
Authority
WO
WIPO (PCT)
Prior art keywords
association
identification information
inducing
user
user identification
Prior art date
Application number
PCT/JP2006/317943
Other languages
English (en)
Inventor
Haruyoshi Suzuki
Original Assignee
Fuji Film Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fuji Film Corporation
Publication of WO2007029849A1


Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication

Definitions

  • PERSONAL PASSWORD MANAGEMENT METHOD, PERSONAL PASSWORD ASSOCIATION ASSISTANCE APPARATUS, PERSONAL PASSWORD ASSOCIATION ASSISTANCE PROGRAM, PERSONAL PASSWORD MANAGEMENT SYSTEM AND AUTHENTICATION SERVER
  • the present invention relates to technology whereby an individual person can easily manage a plurality of passwords.
  • the password may have to be changed periodically due to system requirements, and this is another factor which increases the volume of passwords that have to be managed by the individual.
  • One method of managing a plurality of passwords is to store a table indicating which password to be entered in which login screen, inside the computer, or to make a memorandum on paper, and to rewrite and update the table each time a password is added, or an invalid password occurs.
  • Japanese Patent Application Laid-Open No. 2004-295711 discloses that information on network system users is managed centrally on an authentication server, and a password management section creates and manages device-specific passwords which combine a basic password designated by the user with a token that can be recognized easily by the user. Furthermore, a function is provided for storing password information in a portable terminal and presenting a password corresponding to a server desired by the user.
  • Japanese Patent Application Laid-Open No. 2004-295711 concerns a system which creates specific passwords for a plurality of devices present in a single well-defined and managed system, by taking a basic password and adding information (tokens) such as a device-specific name or fixed IP address, before or after the basic password. In other words, it can only be applied to a single well-managed system, and it cannot be used for the management of a plurality of passwords corresponding to a plurality of independently designed systems having different owners.
  • Japanese Patent Application Laid-Open No. 2004-295711 merely provides user convenience from the system side, and it does not make any reference to the fundamental problem of how one user is able to cope with an infinite variety of separately designed systems.
  • the present invention has been contrived in view of such circumstances, an object thereof being to provide technology whereby passwords required by a wide variety of different systems can be managed centrally on the user side.
  • the present invention is directed to a personal password management method, comprising the steps of: accepting, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; storing the association-inducing words for which the registration has been accepted for the desired authentication services, in a database, in association with the pieces of the user identification information for the desired authentication services; accepting entering of one of the pieces of the user identification information for one of the authentication services; retrieving one of the association-inducing words corresponding to the entered one of the pieces of the user identification information for the one of the authentication services, from the database; and notifying the one of the association-inducing words retrieved from the database.
  • the present invention is also directed to a personal password management method, comprising the steps of: accepting registration of an association-inducing word which is composed of an arbitrary character string that brings to mind, uniquely for a particular user, a password for a particular authentication service, the password comprising an arbitrary character string, the password corresponding to user identification information previously established in order to identify the particular user in the particular authentication service; storing the association-inducing word for which the registration has been accepted, in a database, in association with the user identification information for the particular authentication service; accepting entering of the user identification information for the particular authentication service through a login screen of the particular authentication service; retrieving the association-inducing word corresponding to the entered user identification information for the particular authentication service through the login screen, from the database; and notifying the association-inducing word retrieved from the database.
  • the present invention is also directed to a personal password management method, comprising the steps of: accepting, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; storing the association-inducing words for which the registration has been accepted for the desired authentication services, in a database, in association with the pieces of the user identification information for the desired authentication services; accepting entering of one of the pieces of the user identification information for one of the authentication services, through a prescribed single login screen; retrieving, from the database, one of the association-inducing words corresponding to the one of the pieces of the user identification information for the one of the authentication services entered through the prescribed single login screen; and notifying the one of the association-inducing words retrieved from the database.
  • If a particular authentication service is used from a plurality of authentication services that exist, then when user identification information is entered through a login screen, the association-inducing word that is registered as desired by the user is notified to the user. The user is then able, uniquely him or herself, to associate the notified association-inducing word with the password to be used in that authentication service. Consequently, the user is able to reconstruct and use, easily and accurately, a plurality of passwords that he or she has set previously with respect to a plurality of different authentication services.
  • the passwords that are the objects of the present invention include items having similar characteristics, such as a PIN (Personal Identification Number), a code number, or the like.
  • association-inducing words may be registered in the servers of the respective authentication services, or they may be registered in the user terminal. In particular, if the association-inducing words are registered in the user terminal, then it is not necessary to especially provide a set-up for registering association-inducing words in the servers of the authentication services.
  • each of the passwords is composed of a password stem which is a prescribed character string common to the passwords, and a corresponding one of the association-inducing words.
  • an authentication server for an authentication service comprising: a registration section which accepts, through a terminal used by a user, registration of an association-inducing word which is composed of an arbitrary character string that brings to mind, uniquely for the user, a password for the authentication service, the password comprising an arbitrary character string, the password corresponding to user identification information previously established in order to identify the user in the authentication service; a database which stores the association-inducing word for which the registration has been accepted by the registration section, in association with the user identification information; a login screen presenting section which presents a login screen in which entering of the user identification information and the password is accepted, to the terminal in accordance with a request from the terminal; a user identification information entering section which accepts entering of the user identification information for the authentication service, through the login screen; a retrieving section which retrieves, from the database, the association-inducing word corresponding to the user identification information entered through the login screen; and a notifying section which notifies the
  • the present invention is also directed to a personal password association assistance apparatus, comprising: a registration section which accepts, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; a database which stores the association-inducing words for which the registration has been accepted for the desired authentication services by the registration section, in association with the pieces of the user identification information for the desired authentication services; a user identification information entering section which accepts entering of one of the pieces of the user identification information for one of the authentication services, through a prescribed single login screen; a retrieving section which retrieves, from the database, one of the association-inducing words corresponding to the one of the pieces of the user identification information for the one of the authentication services entered to the user identification information entering section; and
  • the present invention is also directed to a personal password management system, comprising: a registration section which accepts, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; a database which stores the association-inducing words for which the registration has been accepted by the registration section, in association with the pieces of the user identification information for the desired authentication services; a user identification information entering section which accepts entering of one of the pieces of the user identification information for one of the authentication services; a retrieving section which retrieves one of the association-inducing words corresponding to the entered one of the pieces of the user identification information for the one of the authentication services, from the database; and a notifying section which notifies the one of the association-inducing words retrieved from the
  • the present invention is also directed to a computer readable medium having embodied thereon a personal password association assistance program, the program comprising: a first code segment for a step of accepting, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; a second code segment for a step of storing the association-inducing words for which the registration has been accepted for the desired authentication services, in a database, in association with the pieces of the user identification information for the desired authentication services; a third code segment for a step of accepting entering of one of the pieces of the user identification information for one of the authentication services; a fourth code segment for a step of retrieving one of the association-inducing words corresponding to the entered one of the pieces of the user
  • the present invention is also directed to a computer readable medium having embodied thereon a personal password association assistance program, the program comprising: a first code segment for a step of accepting registration of an association-inducing word which is composed of an arbitrary character string that brings to mind, uniquely for a particular user, a password for a particular authentication service, the password comprising an arbitrary character string, the password corresponding to user identification information previously established in order to identify the particular user in the particular authentication service; a second code segment for a step of storing the association-inducing word for which the registration has been accepted, in a database, in association with the user identification information for the particular authentication service; a third code segment for a step of accepting entering of the user identification information for the particular authentication service through a login screen of the particular authentication service; a fourth code segment for a step of retrieving the association-inducing word corresponding to the entered user identification information for the particular authentication service through the login screen, from the database; and a fifth code segment for a step
  • the present invention is also directed to a computer readable medium having embodied thereon a personal password association assistance program, the program comprising: a first code segment for a step of accepting, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; a second code segment for a step of storing the association-inducing words for which the registration has been accepted for the desired authentication services, in a database, in association with the pieces of the user identification information for the desired authentication services; a third code segment for a step of accepting entering of one of the pieces of the user identification information for one of the authentication services, through a prescribed single login screen; a fourth code segment for a step of retrieving, from the database, one of the association-inducing
  • According to the present invention, when using a particular authentication service from a plurality of authentication services that exist, if user identification information is entered through a login screen, an association-inducing word that is registered as desired by the user is notified. The user is then able, uniquely, to associate the notified association-inducing word with the password to be used in that authentication service. Consequently, the user is able to recompose and use, easily and accurately, a plurality of passwords that he or she has set previously with respect to a plurality of different authentication services.
  • Fig. 1 is a block diagram of an authentication system according to a first embodiment of the present invention
  • Fig. 2 is a diagram showing a registration form according to the first embodiment
  • Fig. 3 is a diagram showing an authentication form according to the first embodiment
  • Fig. 4 is an illustrative schematic drawing of information stored in an authentication database according to the first embodiment
  • Fig. 5 is a block diagram of an authentication system according to a second embodiment of the present invention.
  • Fig. 6 is an illustrative schematic drawing of information stored in an authentication database according to the second embodiment
  • Fig. 7 is an illustrative schematic drawing of information stored in an association-inducing word database according to the second embodiment
  • Fig. 8 is a diagram showing an authentication form according to the second embodiment.
  • Fig. 1 is a block diagram of a personal authentication system according to a preferred embodiment of the present invention.
  • a client 1 constituted by a personal computer or an information terminal, and a plurality of authentication servers 2a and 2b (also referred to generally as "authentication server 2") are connected together through a network 3, such as the Internet.
  • the authentication server 2 is used to authenticate specific users for a variety of services, such as community websites and commercial websites.
  • a web browser 11 provided in the client 1 receives and displays a web page sent by web servers 21a and 21b (also referred to generally as "web server 21") provided in the authentication servers 2.
  • the web server 21 sends a registration form (registration screen) which is a web page for registering a password, or an authentication form (login screen) which is a web page for user authentication, to the client 1, and at the client 1, the user enters a user ID and a password into the registration form or authentication form, by operating an operating section 12 including an input device such as a keyboard and a mouse, and then sends same to the web server 21.
  • the registration form sent by the web server 21a and the registration form sent by the web server 21b are independent and have absolutely no relation to each other. In order to distinguish between them, the registration form sent by the web server 21a is referred to as RF1, and the registration form sent by the web server 21b is referred to as RF2.
  • the authentication form sent by the web server 21a and the authentication form sent by the web server 21b are independent and have absolutely no relation to each other. In order to distinguish between them, the authentication form sent by the web server 21a is referred to as AF1, and the authentication form sent by the web server 21b is referred to as AF2.
  • the authentication servers 2a and 2b respectively comprise: authentication databases (DB) 23a and 23b (also referred to generally as "authentication database 23"), which store a unique user ID set independently for each user and a password determined as desired by each user; authentication sections 22a and 22b (also referred to generally as "authentication section 22") which compare the user ID and the password received from the client 1 with the user ID and the password stored in the authentication database 23, and authenticate the user depending on whether or not the user IDs and the passwords are matching; and password and association-inducing word registration sections 24a and 24b (also referred to generally as "registration sections 24a and 24b" or "registration section 24") which record desired passwords and association-inducing words (described hereinafter) entered by the user, in the authentication databases 23a and 23b.
  • two authentication servers 2a and 2b are shown as examples of a plurality of authentication servers; however, it is also possible to adopt a mode in which three or more authentication servers are connected to, or are connectable to, the client 1.
  • the authentication servers 2a and 2b are depicted as having the same compositions, and the respective blocks which constitute each server are denoted with the suffix "a" or "b" only when it is especially necessary to distinguish between them.
  • the authentication servers 2a and 2b, and the blocks which constitute them are mutually independent and have no relationship with each other.
  • the web browser 11 of the client 1 also has functions for sending information entered through the operating section 12, to the authentication server 2, and transferring this information to the authentication section 22 and the registration section 24 of the web server 21, which are constituted by CGI (Common Gateway Interface) programs, for example.
  • Fig. 2 shows one embodiment of a registration form (registration screen).
  • the registration form is a graphical user interface on which the user can enter and specify items required for registering a password, by performing operations through the operating section 12.
  • the registration form contains: a user ID input box 201, to which a user ID that is unique identification information set previously for the user is entered; a password input box 202, to which any desired character string to be recorded as the password is entered; and an association-inducing word input box 203, to which an association-inducing word that is uniquely associated with the password by the user is entered.
  • a register button 210 is provided on the registration forms RF1 and RF2.
  • the procedure for registering a new password in the authentication server 2a is described (since the procedure for registration in the authentication server 2b is exactly the same, then description thereof is omitted here).
  • When the register button 210 on the registration form RF1 is pressed, the web browser 11 sends the user ID entered in the user ID input box 201, the password entered in the password input box 202 and the association-inducing word (which is normally a portion of a new password to be registered excluding a stem portion of the new password, which is described hereinafter) entered in the association-inducing word input box 203 to the web server 21a.
  • the web server 21a transfers the user ID, the password and the association-inducing word received from the registration form RF1, to the registration section 24a.
  • the registration section 24a stores the user ID, the password and the association-inducing word transferred from the web server 21a, in a mutually associated fashion, in the authentication database 23a.
  • Fig. 3 shows one embodiment of an authentication form (login screen).
  • the authentication form is a user interface on which the user can enter items required to receive authentication, in other words, the user ID and the password. More specifically, the authentication form contains: a user ID input box 204, to which the user ID is entered; and a password input box 205, to which the password is entered. Furthermore, an association-inducing word display box 206 in which the association-inducing word having been registered through the registration form is displayed is also provided.
  • a login button 220 is provided on the authentication forms AF1 and AF2.
  • the procedure for logging in to the authentication server 2a is described (since the procedure for logging in to the authentication server 2b is exactly the same, then description thereof is omitted here).
  • On the authentication form AF1, firstly, when a user ID is entered to the user ID input box 204, the association-inducing word is sent from the system side to the association-inducing word display box 206. Upon seeing this association-inducing word, the user reconstructs the password that should be entered to the login screen, by combining the password stem and the association-inducing word, and the user enters the password to the password input box 205 and then presses the login button 220.
  • When the login button 220 is pressed on the authentication form AF1, the web browser 11 sends the user ID entered in the user ID input box 204 and the password entered in the password input box 205, to the web server 21a.
  • the web server 21a transfers the user ID and the password received from the authentication form AF1, to the authentication section 22a.
  • the authentication section 22a compares the user ID and the password transferred from the web server 21a with the user ID and the password having been stored in the authentication database 23a, and if the two are matching, the user is authenticated as a legitimate user.
  • Fig. 4 shows an illustrative schematic drawing of information stored in the authentication databases 23a and 23b.
  • An authentication table which mutually associates a "user ID", "password" and "association-inducing word", is stored in the authentication databases 23a and 23b.
  • the authentication table is created, stored and managed individually for each user.
  • the user ID corresponding to a particular user is stated as "XYZ01" in the authentication database 23a, and "UVWq" in the authentication database 23b, and the services run by the respective authentication servers 2a and 2b are set to be completely independent of each other.
  • the passwords "haru001" and "haru002" corresponding to the user ID are set as desired by the user, and a portion of the character strings of the passwords, "haru", is common to both passwords.
  • "haru" corresponds to the password stem.
  • a user who accesses the authentication server 2 from the client 1 manages the password group used in the authentication server 2 in the following way.
  • the user designates a password stem which is simple and which he or she does not disclose to anyone at all, for the password group that is to be managed. For example, a string composed of five characters: x(1)x(2)x(3)x(4)x(5) is set as the password stem.
  • the password stem may be set to any desired length. The user then bears only the password stem in his or her mind.
  • the authentication server 2 stores the user ID, the password and the association-inducing word entered in the registration form, in a mutually associated fashion, in the authentication database 23.
  • the user ID and the password are managed in a mutually associated fashion, similarly to the related art, but the association-inducing word only needs to be stored in the authentication database 23 on the authentication server 2 side, in an associated fashion with the ID and the password.
  • the user enters the user ID to the user ID input box 204.
  • the web browser 11 judges whether or not entering of the user ID has completed. This judgment is made, for example, when the return key of the operating section 12 is pressed, or when the cursor is moved to a separate location, or the like. Alternatively, it is also possible that a separate button for indicating the end of the user ID entering is provided, and by pressing this button, the end of the user ID entering is reported to the system side.
  • the authentication section 22 retrieves the association-inducing word corresponding to the entered user ID, from the authentication database 23, and the authentication section 22 sends the retrieved association-inducing word to the client 1.
  • Upon receiving the association-inducing word from the authentication server 2, the web browser 11 displays this association-inducing word in the association-inducing word display box 206.
  • The user sees the association-inducing word displayed in the association-inducing word display box 206, and he or she enters, into the password input box 205, the password stem x(1)x(2)x(3)x(4)x(5) kept only in his or her mind, and then immediately enters the association-inducing word a(1)a(2)a(3) after it. In this case, the user has his or her own rule (in other words, a combination rule between the password stem and the association-inducing word) for creating the password "by adding the association-inducing word onto the end of the password stem".
  • the user can retrieve the association-inducing word from the authentication server 2 in the authentication step, and can immediately enter the whole of password without making any errors.
  • the key point of this method is that even if a third party finds out the association-inducing word a(1)a(2)a(3) only, then provided that the password stem x(1)x(2)x(3)x(4)x(5) remains unknown, and/or provided that the user's combination rule remains unknown, the third party is unable to break and reach the password.
  • the user designates one password stem (since there is only one password stem, then there is very little possibility of forgetting it), and association-inducing words which are to be appended to the password stem are then recorded in the authentication server 2. Therefore, the user in question is able to recompose the complete form of an individual password whenever it is required, while being able to keep the password secret from third parties.
  • the association-inducing word forms complete complementary information for the user him or herself, but any other person will not be able to tell what the real password is, from the association-inducing word only.
  • the password character string has a structure in which an association-inducing word composed of a 3-digit number is appended to the password stem; however, in general, there are no limits on the character strings and the character types of the password stem and the association-inducing word. For example, if "saori" is used as the association-inducing word, then "saori" is displayed in the association-inducing word display box 206, and hence following the combination rule of adding the association-inducing word after the password stem, the user should enter "x(1)x(2)x(3)x(4)x(5)saori" as the password.
  • a case is considered here in which a password is formed by placing the first three characters of the association-inducing word before the password stem, and placing the last two characters of the association-inducing word after the password stem.
  • the password will be tj8x(1)x(2)x(3)x(4)x(5)03.
  • if the last character of the five-character association-inducing word is set to be a number, it is interpreted as a count: that number of characters from the start of the association-inducing word are placed in front of the password stem, and the remainder is placed after the password stem.
  • a rule is indicated whereby, of the association-inducing word "tj803", "tj8" is placed before the password stem, and "03" is placed after the password stem.
  • this rule itself is indicated after a hyphen at the very end of the association-inducing word (e.g., tj803-3), for example.
  • the key point is that only the true user who registered the information will be able to immediately remember the combination rule to be used and the password to be reconstructed, from the association-inducing word.
  • the password stem and the character string appended to the password stem can be set to any length, and needless to say, the longer these character strings, the higher the level of security.
  • association-inducing word rather than incorporating the association-inducing word directly into the password, it is also possible to create a one-to-one correspondence between the association-inducing word and the password, provided that the combination rule can be remembered readily by the user. For instance, if “precious” is set as the password stem, "daughter” is set as the association-inducing word, the name of the user's own daughter is “saori”, and “precioussaori” is set as the password, then upon login, the user sees the display of the association-inducing word "daughter”, immediately remembers "saori", which is the name of the user's own daughter, and is able to enter "precioussaori” as the password. This is based on a mapping rule that is set only in the user's own mind, and therefore it further increases the level of security by which the password is protected from other people.
  • the added portion apart from the stem portion of the password can be any character string that the user him or herself can reliably associate with on a one-to-one basis from the association-inducing word, and hence this method has very good general usability. It is also possible to adopt various modifications and adaptations with regard to how the associated character string ("saori", in the aforementioned example) and the password stem are to be combined to compose the password, on the basis of rules decided by the user in his or her own mind (these rules may be calculation by means of a mathematical formula, or the like).
  • association-inducing word display box 206 to display the association-inducing word is not prepared, and the association-inducing word is displayed conveniently in the password input box 205.
  • the association-inducing word may be sent to any electrical equipment carried by the user, such as a mobile telephone and a personal digital assistant (PDA), and displayed on that equipment, or a voice message corresponding to the association-inducing word may be transmitted and reproduced, thereby notifying the word to the user.
  • any specific composition may be adopted.
  • the present invention is also directed to a program which causes a computing apparatus or a storage apparatus of a personal computer or server to function as the authentication section 22, the authentication database 23, and the registration section 24.
  • each authentication server 2 independently sends a registration form (registration screen) and an authentication form (login screen) to the client 1, and the registration of the association-inducing word entered in the registration form, and the retrieval of the association-inducing word corresponding to the user ID entered in the authentication form, are carried out by each authentication server 2.
  • a single pair of registration form and authentication form is managed completely on the client side, and when registering or logging on to an actual website, then the inputs are linked automatically from each form to the prescribed boxes (user ID and password boxes) of the registration screen or the login screen of the actual website.
  • the first embodiment cannot be achieved unless the systems of many different actual websites incorporate the concept of using association-inducing words, whereas the second embodiment provides means of applying the method of the present invention on the user side (client side), even if many different actual websites remain as they are at present (using only user ID and password boxes). Since the registration system is relatively simple, the following description centers on the actions of the authentication system which also includes actions of the registration system.
  • Fig. 5 is a block diagram of an authentication system according to the second embodiment.
  • the client 1 comprises an association-inducing word database 14 and an association-inducing word retrieval section 13.
  • the authentication databases 23a and 23b of the authentication servers 2a and 2b store the user IDs and the passwords in a mutually associated fashion; however, in contrast to the first embodiment, they do not store the association-inducing words.
  • the authentication database 23a stores "XYZ01" as a user ID and "haru001" as a password, in a mutually associated fashion
  • the authentication database 23b stores "UVWq" as a user ID and "haru002" as a password, in a mutually associated fashion
  • Fig. 7 is an illustrative schematic drawing of an association-inducing word management table stored in the association-inducing word database 14. As shown in Fig. 7, the association-inducing word management table stores the items, "website (login screen page)", “user ID” and “association-inducing word”, in a mutually associated fashion.
  • association-inducing word management table may be acquired illegitimately by a third party, then no password is included in this table.
  • the web browser 11 displays a single prescribed authentication form (login screen) which corresponds to all of the authentication servers 2a and 2b to be accessed by the user.
  • Fig. 8 shows an authentication form which is used both as an authentication form F1 for the authentication server 2a of an "Online Bank A", and an authentication form F2 for the authentication server 2b of an "Online Store B". This form is prepared in advance in the client 1, and therefore it does not need to be supplied by the authentication servers 2.
  • the client 1 is provided with the association-inducing word retrieval section 13.
  • the association-inducing word retrieval section 13 retrieves the association-inducing word corresponding to the user ID used in the authentication server 2 accessed by the user, from the association-inducing word database 14, and outputs the retrieved association-inducing word to the web browser 11.
  • the association-inducing word retrieval section 13 judges whether or not entry of the user ID has been completed. If it judges that entry of the user ID has been completed, the association-inducing word retrieval section 13 retrieves the association-inducing word "001" corresponding to the user ID of the "Online Bank A" from the association-inducing word database 14, and outputs the retrieved association-inducing word to the web browser 11. The web browser 11 displays the association-inducing word received from the association-inducing word retrieval section 13 in the association-inducing word display box 206a for the "Online Bank A".
  • the user sees the association-inducing word displayed in the association-inducing word display box 206a, immediately recomposes the password, and then enters the password in the password input box 205a.
  • the web browser 11 transfers the user ID entered in the user ID input box 204a and the password entered in the password input box 205a to the authentication form (login screen, see Fig. 3) prepared by the actual website (the authentication server 2a), and executes a command equivalent to pressing the actual login button prepared on the original login screen. Viewed from the website, this can be regarded as the same as a login performed at the website itself.
  • the authentication server 2a authenticates the user by comparing the user ID and the password received from the client 1 with the user ID and the password stored in the authentication database 23a.
  • the association-inducing word retrieval section 13 judges whether or not entry of the user ID has been completed. If it judges that entry of the user ID has been completed, the association-inducing word retrieval section 13 retrieves the association-inducing word "002" corresponding to the user ID of the "Online Store B" from the association-inducing word database 14, and outputs the retrieved association-inducing word to the web browser 11. The web browser 11 displays the association-inducing word received from the association-inducing word retrieval section 13 in the association-inducing word display box 206b for the "Online Store B".
  • the user sees the association-inducing word displayed in the association-inducing word display box 206b, immediately recomposes the password, and then enters the password in the password input box 205b.
  • the web browser 11 transfers the user ID entered in the user ID input box 204b and the password entered in the password input box 205b, to the login screen of the actual website (the authentication server 2b).
  • the authentication server 2b authenticates the user by comparing the user ID and the password received from the client 1 with the user ID and the password stored in the authentication database 23b.
  • a computing apparatus and a storage apparatus of a personal computer or information terminal to function respectively as an association-inducing word retrieval section 13 and an association-inducing word database 14.
  • Client software of this kind can be regarded as relatively convenient to use, and a software package of this kind could also be marketed. It may be possible to embed this kind of software module as a single icon in the toolbar of various Internet browsers.
  • the present invention can be applied not only to Internet home pages, but also more broadly to general login systems using passwords in computers, digital appliances, mobile telephones, embedded devices, information equipment, and the like.
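
The second embodiment's client-side lookup and the combination rules described above ("001" appended to the stem, "tj803" split before and after it, "tj803-3" with the rule after a hyphen), as an added Python example that is not code from the patent. The names `HintEntry`, `TABLE`, `retrieve_hint`, `split_hint` and `recompose` are hypothetical, the table rows are constructed from the page's sample values, and `recompose` models the step the user performs mentally, since the stem is never stored.

```python
"""Added example: client-side association-inducing word lookup and recomposition."""
from dataclasses import dataclass


@dataclass(frozen=True)
class HintEntry:
    """One row of the association-inducing word management table (Fig. 7).

    Only website, user ID and association-inducing word are stored; the
    password and the password stem never enter the table.
    """
    website: str
    user_id: str
    hint: str


# Constructed sample rows; user IDs and words follow the page's example.
TABLE = [
    HintEntry("Online Bank A", "XYZ01", "001"),
    HintEntry("Online Store B", "UVWq", "002"),
]


def retrieve_hint(table, website, user_id):
    """Role of retrieval section 13: look up the word once the user ID is entered."""
    for row in table:
        if row.website == website and row.user_id == user_id:
            return row.hint
    return None  # unknown site/ID pair: nothing to display


def split_hint(hint):
    """Split a word into (prefix, suffix) according to the rule it carries.

    "tj803-3": rule given after a hyphen, 3 leading characters go in front.
    "tj803":   five characters ending in a digit, that digit is the count.
    otherwise: the whole word is appended after the stem.
    """
    word, sep, rule = hint.rpartition("-")
    if sep and rule.isdecimal() and 0 < int(rule) <= len(word):
        n = int(rule)
    elif len(hint) == 5 and hint[-1].isdecimal() and 0 < int(hint[-1]) < 5:
        word, n = hint, int(hint[-1])
    else:
        return "", hint
    return word[:n], word[n:]


def recompose(stem, hint):
    """What the user does mentally: combine the secret stem with the shown word."""
    prefix, suffix = split_hint(hint)
    return prefix + stem + suffix
```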

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a personal password management method which includes the following steps: accepting, for respective desired authentication services, registration of association-inducing words composed of arbitrary character strings which bring to mind, only for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings and corresponding to a plurality of pieces of user identification information previously established to identify the particular user in the authentication services; storing the association-inducing words for which registration has been accepted for the desired authentication services, in a database, in association with the user identification information for the authentication services; accepting input of one of the pieces of user identification information for one of the authentication services; retrieving one of the association-inducing words corresponding to the user identification information entered for the authentication service, from the database; and finally notifying the retrieved association-inducing word.
PCT/JP2006/317943 2005-09-06 2006-09-05 Personal password management method and system, personal password association assistance apparatus and program, and authentication server WO2007029849A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
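JP2005258153A JP4623293B2 (ja) 2005-09-06 2005-09-06 Personal password management method, personal password association assistance apparatus, personal password association assistance program, personal password management system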
JP2005-258153 2005-09-06

Publications (1)

Publication Number Publication Date
WO2007029849A1 true WO2007029849A1 (fr) 2007-03-15

Family

ID=37835960

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2006/317943 WO2007029849A1 (fr) 2005-09-06 2006-09-05 Personal password management method and system, personal password association assistance apparatus and program, and authentication server

Country Status (2)

Country Link
JP (1) JP4623293B2 (fr)
WO (1) WO2007029849A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
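JP5259275B2 (ja) * 2008-07-01 2013-08-07 京セラドキュメントソリューションズ株式会社 Password processing apparatus, image forming apparatus and password processing program
JP2010102637A (ja) * 2008-10-27 2010-05-06 Kddi Corp Digit string conversion apparatus, user authentication system, digit string conversion method, and program
CN112346793B (zh) * 2020-09-18 2024-05-07 长沙市到家悠享网络科技有限公司 Data processing method, apparatus, electronic device and computer-readable medium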

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002342282A (ja) * 2001-05-16 2002-11-29 Komu Square:Kk Personal authentication method and personal authentication system
JP2004013865A (ja) * 2002-06-12 2004-01-15 Hitachi Ltd Personal identification method using associative memory

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
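JPH0656610B2 (ja) * 1986-08-06 1994-07-27 沖電気工業株式会社 Identity verification method
JP3122549B2 (ja) * 1993-02-17 2001-01-09 シャープ株式会社 Password forgetting prevention system
JP2000267958A (ja) * 1999-03-18 2000-09-29 Fujitsu Ltd Relay apparatus and recording medium
JP2003288322A (ja) * 2002-03-28 2003-10-10 Fujitsu Ltd Identification information management method, identification information management system, computer, and computer program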


Also Published As

Publication number Publication date
JP2007072702A (ja) 2007-03-22
JP4623293B2 (ja) 2011-02-02


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06797769

Country of ref document: EP

Kind code of ref document: A1