Authentication control method and account lock system

The authentication control method forcibly deletes passwords after multiple failures, addressing the bypass issue in time-limited systems, ensuring high security by permanently disabling access, implemented in a client-server system with database management.

JP2026095907APending Publication Date: 2026-06-12立花良一

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
立花良一
Filing Date
2024-12-02
Publication Date
2026-06-12

AI Technical Summary

Technical Problem

Existing time-limited authentication control methods and account lock systems can be bypassed by repeatedly attempting authentication after a certain period, allowing unauthorized access if enough time is given.

Method used

An authentication control method that forcibly deletes the password corresponding to an ID after a predetermined number of verification failures exceeds a threshold, ensuring that further attempts with any password will fail, implemented through a client-server system with database tables to manage thresholds and cumulative failure counts.

Benefits of technology

Ensures high security by preventing unauthorized access by permanently disabling the password after multiple failures, enhancing security performance beyond conventional time-limited methods.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 2026095907000001_ABST
    Figure 2026095907000001_ABST
Patent Text Reader

Abstract

This invention provides an authentication control method with superior security performance compared to conventional time-limited account lock systems, and an account lock system utilizing this authentication control method. [Solution] The account lock system 1 consists of a server group 10 comprising a database server 11 and a web server, and client terminals 20 that access the server group 10 via the internet. Three tables, an ID setting table 111, an ID status table 112, and an ID information table 113, operate on the database server 11. They verify whether the ID and password entered from the client terminal 20 are correct or not, and if they are incorrect, they store and control the number of failures and the threshold limit. If the cumulative number of failures exceeds a predetermined threshold, the password corresponding to the ID that repeatedly failed to verify the ID is forcibly deleted.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] The present invention relates to an authentication control method performed when a client terminal accesses a server group or a server via a network, or an account lock system using the authentication control method.

Background Art

[0002] In a website or a computer system where login authentication is performed by collating an ID and a password, there already exists an authentication control method called so-called account lock, in which a threshold value of the number of login authentication failures is predetermined, and when the threshold value is exceeded, login authentication is stopped for a certain period of time (for example, Patent Document 1).

Prior Art Documents

Patent Documents

[0003]

Patent Document 1

Summary of the Invention

Problems to be Solved by the Invention

[0004] In the case of a time-limited authentication control method such as stopping login authentication for a certain period of time or an account lock system using such a time-limited authentication control method as described above, even if the ID is account-locked due to authentication failure exceeding the threshold value, authentication can be performed again with the ID and password after a certain period of time (login authentication can be performed infinitely if enough time is taken).

[0005] Therefore, an object is to provide an authentication control method with higher security performance than time-limited account lock and an account lock system using the authentication control method.

Means for Solving the Problems

[0006] To solve the above-mentioned problems, the present invention provides an authentication control method characterized by forcibly deleting the password corresponding to the ID that has repeatedly failed to verify an ID when the cumulative number of failures in the ID verification process exceeds a predetermined threshold.

[0007] To solve the above-mentioned problems, the present invention provides an authentication control method that includes a threshold setting step of setting and storing the threshold in a database server, an ID information setting step of setting and storing the ID and password to be used in the ID matching step in a database server, an ID matching step of comparing whether the ID and password stored in the ID information setting step are the same as the ID and password entered from the client terminal, and an ID state update step of counting and updating the cumulative number of times the matching result in the ID matching step is negative, wherein when the cumulative number in the ID state update step exceeds the threshold, the password corresponding to the ID that has repeatedly failed to match is forcibly deleted.

[0008] To solve the above-mentioned problems, the present invention provides an account lock system that utilizes the aforementioned authentication control method, comprising at least a server or group of servers that stores the threshold, the ID and password used in the ID matching step, and the cumulative number of matching failures in the ID matching step, and that transmits the ID and password entered on a predetermined client terminal to the server or group of servers via a network during the ID matching step.

[0009] To solve the above-mentioned problems, the present invention provides an account lock system in which the threshold value is stored in the ID setting table of the database server, and the ID and password used in the ID matching process, as well as the cumulative number of matching failures in the ID matching process, are stored in the ID status table of the database server. [Effects of the Invention]

[0010] The authentication control method of the present invention forcibly deletes the password corresponding to the ID that has repeatedly failed to verify IDs when the cumulative number of failures in the ID verification process exceeds a predetermined threshold. Therefore, after the cumulative number of failures exceeds the threshold, ID verification will never succeed regardless of the password entered, resulting in extremely high security performance.

[0011] The authentication control method of the present invention includes a threshold setting step of setting and storing the threshold in a database server, an ID information setting step of setting and storing the ID and password to be used in the ID matching step in a database server, an ID matching step of comparing whether the ID and password stored in the ID information setting step are the same as the ID and password entered from the client terminal, and an ID state update step of counting and updating the cumulative number of times the matching result in the ID matching step is negative. When the cumulative number in the ID state update step exceeds the threshold, the password corresponding to the ID that has repeatedly failed to match is forcibly deleted. Therefore, after the cumulative number of failures exceeds the threshold, no matter what password is entered, ID matching will not succeed, resulting in extremely high security performance.

[0012] The account lock system of the present invention is an account lock system that utilizes the authentication control method described above, and comprises at least a server or group of servers that stores the threshold, the ID and password used in the ID matching step, and the cumulative number of matching failures in the ID matching step, and transmits the ID and password entered on a predetermined client terminal to the server or group of servers via the network during the ID matching step, so that after the cumulative number of failures exceeds the threshold, no matter what password is entered, ID matching will not succeed, and the system functions as an account lock system with extremely high security performance.

[0013] The account lock system of the present invention stores the threshold value in the ID setting table of the database server, and stores the ID and password used in the ID matching process, as well as the cumulative number of matching failures in the ID matching process, in the ID status table of the database server. Therefore, by operating each table of the database server, an account lock system with the same high security performance as described above can be realized. [Brief explanation of the drawing]

[0014] [Figure 1] Figure 1 is a system configuration diagram showing the overall structure of the account lock system. [Figure 2] Figure 2 shows a portion of the table structure of the ID setting table. [Figure 3] Figure 3 shows a portion of the table structure of the ID status table. [Figure 4] Figure 4 shows a portion of the table structure of the ID information table. [Figure 5] Figure 5 is an illustrative diagram showing the operation and system operation when authentication is initiated. [Figure 6] Figure 6 shows a predetermined ID setting table. [Figure 7] Figure 7 shows the ID status table when the first authentication (matching) fails. [Figure 8] Figure 8 is an illustrative diagram showing the process of the second authentication (verification) failure. [Figure 9] Figure 9 shows the ID status table when the second authentication (verification) fails. [Figure 10] Figure 10 is an illustrative diagram showing the process of the third authentication (verification) failure. [Figure 11] Figure 11 shows the ID status table after the third cumulative authentication (verification) has failed (the state after password deletion). [Figure 12] Figure 12 shows the ID status table after the system administrator has restored the account from a locked state.

Mode for Carrying Out the Invention

[0015] It is implemented as a client-server system that requires high security.

Example

[0016] First, the operating environment of the account lock system that uses the authentication control method of the present application will be described according to FIGS. 1 to 4.

[0017] The account lock system (1) includes at least a predetermined server group or server (10) and a client terminal (20) that can be accessed via a network to the server group or server (FIG. 1).

[0018] Regarding the server group or server (10), as long as it has necessary functions such as a database server service or a web server service, it may be a server group composed of multiple servers or only one server. However, considering load distribution or fault tolerance, etc., it is considered preferable to be a server group composed of multiple servers (FIG. 1).

[0019] Regarding the server group or server (10), in this embodiment, it is composed of one database server (11) that has a database server function and on which the same service operates, and one web server (12) that has a web server function and also has a JSP (Java Server Pages) service function that operates by describing a script in an HTML file (FIG. 1).

[0020] On the database server (11), at least three tables, namely a predetermined ID setting table (111), an ID status table (112), and an ID information table (113), operate (FIG. 1).

[0021] The information stored in the aforementioned ID setting table (111) includes a login ID column and a threshold column that defines the upper limit of the cumulative number of failures in the ID matching process (Figures 2 and 1).

[0022] The information stored in the aforementioned ID status table (112) includes a login ID column, a password column, an account lock flag column, and a matching failure count column that counts the number of matching failures in the ID matching process (Figures 3 and 1).

[0023] The information stored in the aforementioned ID information table (113) includes a login ID column, an address column, an email address column, a credit card address column, and a telephone number column (Figures 4 and 1).

[0024] Furthermore, the primary key for each of the aforementioned tables (111, 112, and 113) will be the Login ID column.

[0025] Regarding the client terminal (20), any terminal equipped with web browsing software and capable of accessing the database server (11) or the web server (12) via a network is acceptable, but it is assumed that these will mainly be personal computers, tablet terminals, or smartphones.

[0026] In this embodiment, the aforementioned network is assumed to be the Internet, but other networks are also acceptable.

[0027] Next, the operation image of the account lock system, the processing image of authentication control, and the transitions of each database table will be explained with reference to Figures 5 to 12.

[0028] (operation) The operator of the client terminal (20) accesses the server group (10) via the internet, enters their own ID (user account) "AAA" in the ID field displayed on the browser screen, enters the password corresponding to that ID in the password field, and then clicks the login button (Figure 5).

[0029] Furthermore, the value of the threshold column that defines the upper limit of the cumulative number of failures in the ID matching process for the aforementioned ID "AAA" must be predetermined in the threshold column that constitutes the ID setting table (111) of the database server (11).

[0030] With regard to the threshold column values ​​of the ID setting table (111), in this embodiment, we will continue the explanation assuming that both IDs "AAA" and "BBB" are predetermined to be "3" by a predetermined program operating on the Web server (12) (the state shown in Figure 6).

[0031] (process) If the ID and password entered and transmitted from the client terminal (20) are "aaa", this is not the same as "xxx" stored in the password column corresponding to the ID column "AAA" in the ID status table (112) operating on the database server (11). Therefore, the matching process results in a matching (authentication) failure.

[0032] As a result, the authentication failure count column in the ID status table (112) is updated by increasing its initial value from 0 to 1 (Figure 7).

[0033] Furthermore, the account lock flag column in the aforementioned ID status table (112) is also updated by changing its initial value from 0 to 1 (Figure 7).

[0034] Furthermore, because the account lock flag column in the ID status table (112) is set to 1, the ID verification process will be in the same state as a conventional time-limited account lock, making authentication impossible. However, after a certain period of time, the time-limited account lock will be released, and the account lock flag column in the ID status table will be updated from 1 to 0 (not shown).

[0035] (operation) Subsequently, suppose the operator of the client terminal (20) changes only the password to "bbb" without changing the ID and clicks the login button again (Figure 8).

[0036] (process) The password entered and transmitted from the client terminal is "bbb" (the ID remains "AAA"). However, this is not the same as "xxx" stored in the password column corresponding to the ID column "AAA" in the ID status table (112) operating on the database server (11). Therefore, the second matching (authentication) process also results in a matching (authentication) failure.

[0037] As a result, the authentication failure count column in the ID status table (112) is updated by increasing it from 1 to 2, but the account lock flag column in the ID status table (112) remains at 1 (Figure 9).

[0038] If the second verification (authentication) process fails after the temporary account lock has been released, the account lock flag column in the ID status table (112) is updated by changing it from 0 to 1 (not shown).

[0039] In either case, since the account lock flag column in the ID status table (112) is 1, the ID verification process will be in the same state as a conventional time-limited account lock, and authentication will be impossible. However, after a certain period of time has elapsed, the time-limited account lock will be released, and the account lock flag column in the ID status table will be updated from 1 to 0 (not shown).

[0040] (operation) Furthermore, suppose the operator of the client terminal (20) then changes only the password to "ccc" without changing the ID and clicks the login button again (Figure 10).

[0041] (process) The password entered and transmitted from the client terminal is "ccc" (the ID remains "AAA"). However, this is not the same as "xxx" stored in the password column corresponding to the ID column "AAA" in the ID status table (112) operating on the database server (11). Therefore, the third matching (authentication) step also results in a matching (authentication) failure.

[0042] As a result, the authentication failure count column in the ID status table (112) is updated by increasing it from 2 to 3 (Figure 11).

[0043] Furthermore, because the value of the authentication failure count column in the ID status table (112) exceeds the value of the threshold column in the ID setting table (111), the password column in the ID status table is forcibly deleted by a predetermined program running on the Web server (12), and is updated from "xxx" to "NULL" (Figure 11).

[0044] (operation) When the system transitions to the state described above, even if the client terminal (20) enters ID "AAA" and password "xxx", the verification (authentication) process will result in a verification (authentication) failure. In other words, login will not be possible regardless of the password entered. Furthermore, since the above state will persist even after a certain period of time has elapsed, login will remain impossible with login ID "AAA" regardless of the password entered.

[0045] Furthermore, it is preferable to promptly inform the ID user of the situation described above. In this embodiment, a message to that effect is sent to the email address stored in the email address column of the ID information table (113).

[0046] Furthermore, if you wish to recover from the aforementioned situation, this is possible by promptly contacting the system administrator and taking appropriate action.

[0047] For example, if a system administrator forcibly changes the account lock flag column corresponding to the ID "AAA" in the ID status table (112) from 1 to 0, and forcibly changes the authentication failure count column from 3 to 0, and resets the password for the ID "AAA" to "zzz", the system will be restored (the state shown in Figure 12).

[0048] As mentioned above, regarding the account lock flag column of the ID status table (112), if a certain period of time has elapsed without the aforementioned matching (authentication) being performed, a program (not shown) controls it to update from "1" to "0" (conventional timed account lock operation). However, even in that case, the value of the authentication failure count column is maintained. [Industrial applicability]

[0049] The present invention can be used in various client-server systems where high security is required. [Explanation of Symbols]

[0050] 1. Account Lock System 10 Server Groups 11 Database Server 111 ID setting table 112 ID status table 113 ID Information Table 12. Web Server (Web server functionality and JSP functionality) 20 client terminals

Claims

1. An authentication control method characterized by forcibly deleting the password corresponding to the ID that has repeatedly failed to verify an ID when the cumulative number of failures in the ID verification process exceeds a predetermined threshold.

2. A threshold setting step in which the aforementioned threshold is set and stored in the database server, An ID information setting step involves setting and storing the ID and password used in the aforementioned ID verification step in a database server, An ID verification step is performed to verify whether the ID and password stored in the ID information setting step are the same as the ID and password entered from the client terminal. An ID status update step that counts and updates the cumulative number of times the matching result in the aforementioned ID matching step is negative, The authentication control method according to claim 1, which includes the above, and is characterized in that when the cumulative number of times in the ID state update step exceeds the threshold, the password corresponding to the ID that has repeatedly failed to match the ID is forcibly deleted.

3. An account lock system utilizing the authentication control method of claim 1 or claim 2, An account lock system comprising at least a server or group of servers that stores the threshold, the ID and password used in the ID matching process, and the cumulative number of matching failures in the ID matching process, and transmitting the ID and password entered on a predetermined client terminal to the server or group of servers via a network during the ID matching process.

4. The account lock system according to claim 3, wherein the threshold is stored in the ID setting table of the database server, and the ID and password used in the ID matching process, as well as the cumulative number of matching failures in the ID matching process, are stored in the ID status table of the database server.