Device that performs user authentication
The user authentication device uses a complex image-based authentication method with positional and attribute-based conditions to enhance security by preventing easy guessing, addressing vulnerabilities in traditional password and PIN entry systems.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- SHANGHAI AVIC OPTO ELECTRONICS CO LTD
- Filing Date
- 2024-12-27
- Publication Date
- 2026-07-09
AI Technical Summary
Existing user authentication methods, such as password and PIN entry, are vulnerable to eavesdropping and easy guessing, compromising device security.
A user authentication device that displays a user authentication image comprising multiple images, where the selection target image satisfies specific positional and attribute-based conditions, making it difficult for a third party to guess the correct selection.
Enhances security by making it challenging for unauthorized users to determine the correct selection target image, thereby improving device security.
Smart Images

Figure 2026115295000001_ABST
Abstract
Description
Technical Field
[0001] The present disclosure relates to a device for performing user authentication.
Background Art
[0002] In a device such as a smartphone, a security lock by user authentication is known to prevent use by a third party other than the owner. As a method for unlocking the security lock, entering a password is widely known.
[0003] The security lock by password can be easily unlocked by peeping at the password entry or using a well-known password. This is because the password, which is the unlock key, is generally known to be a number from 0 to 9 and the number of digits is about 4 digits. On this premise, if one remembers about 4 digits touched at the time of input, the security lock can be unlocked.
[0004] Thus, the method of entering a number as a password is widely used in the world. On the other hand, a technique of using a figure as an authentication key instead of a password is known. However, similar to the case of numbers, the authentication key can be known to a third party by allowing the third party to see the image of the touched part.
Prior Art Documents
Patent Documents
[0005]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0006] In the input of a user authentication key in a device having an input function on a screen such as a smartphone or a tablet, a technique for making it difficult for the user authentication key to be estimated by a third party is desired.
Means for Solving the Problems
[0007] One aspect of the present disclosure is a device for performing user authentication, comprising a controller and a display device, wherein the controller displays a user authentication image consisting of a plurality of images on the display device, the plurality of images including a selection target image for user authentication, the user authentication condition includes selecting the selection target image, the selection target image satisfies a preset selection target image condition, and the selection target image condition defines the positional relationship between the selection target image and a surrounding image different from the selection target image that satisfies a preset surrounding image condition. [Effects of the Invention]
[0008] According to one aspect of this disclosure, the user authentication key can be made difficult for a third party to guess. [Brief explanation of the drawing]
[0009] [Figure 1] This shows an example configuration of a user authentication device that has a user authentication function. [Figure 2] A schematic example of the configuration of a user authentication device is shown below. [Figure 3] An example of an image for user authentication (authentication image) in one embodiment of this specification is shown. [Figure 4] Other examples of authentication images are shown. [Figure 5] Other examples of authentication images are shown. [Figure 6] This shows an example of the information contained in image data stored in a user authentication device. [Figure 7] This is a block diagram showing the functional configuration of a user authentication device. [Figure 8] An example flowchart of the authentication image generation process by the authentication condition determination unit is shown. [Figure 9A] Examples of different authentication images that meet the selection criteria are shown. [Figure 9B] The following are examples of different authentication images that satisfy the same selection criteria as Figure 9A. [Figure 10]Shows an example flowchart of user authentication determination processing. [Figure 11A] Shows a series of changes in a GUI image example in setting the selection target image conditions. [Figure 11B] Shows a series of changes in a GUI image example in setting the selection target image conditions. [Figure 11C] Shows a series of changes in a GUI image example in setting the selection target image conditions. [Figure 11D] Shows a series of changes in a GUI image example in setting the selection target image conditions. [Figure 11E] Shows a series of changes in a GUI image example in setting the selection target image conditions. [Figure 11F] Shows a series of changes in a GUI image example in setting the selection target image conditions. [Figure 11G] Shows a series of changes in a GUI image example in setting the selection target image conditions. [Figure 11H] Shows a series of changes in a GUI image example in setting the selection target image conditions. [Figure 12] Shows an example flowchart of the method for setting the selection target image conditions by the user authentication related condition generation unit. [Figure 13] Shows an example configuration of a user authentication device including a fingerprint sensor. [Figure 14] Shows an example of the relationship between the sensing area and the display area of the fingerprint sensor.
Mode for Carrying Out the Invention
[0010] Hereinafter, embodiments will be specifically described with reference to the drawings. The same reference numerals are assigned to common configurations in each figure. For the sake of clarity in explanation, the dimensions and shapes of the illustrated objects may be exaggerated in some cases.
[0011] In a device such as a smartphone, in order to prevent use by a third party other than the owner, a security lock by user authentication is known. As a method for releasing the security lock, password input is widely known.
[0012] Security locks using PINs can be easily bypassed by eavesdropping on PIN entry or by using easily guessable PINs. This is because the PIN, which serves as the unlocking key, is generally known to be a number between 0 and 9 and has about four digits. Based on this, if one remembers the four digits touched during entry, the security lock can be bypassed.
[0013] Thus, the method of entering numbers as a PIN is widely used. On the other hand, there is a known technology that uses a graphic as an authentication key instead of a PIN. However, just like with numbers, if a third party sees the image of the contact points, the authentication key can be revealed to that third party.
[0014] One embodiment of this specification describes a technique for making it difficult for a third party to guess a user authentication key when entering a user authentication key on a device with an input function on the screen, such as a smartphone or tablet.
[0015] Figure 1 shows an example configuration of a user authentication device 1 having a user authentication function. Figure 1 shows a smartphone as an example of user authentication device 1. User authentication device 1 may be any type of device, for example, a smartphone or tablet terminal, or any type of device such as a desktop computer or laptop computer. User authentication device 1 may also be a server, and the server may, for example, present a GUI (Graphical User Interface) for user authentication on the user terminal.
[0016] In the example shown in Figure 1, the user authentication device 1 includes a touch panel display device 10, which is an input device and an output device. The touch panel display device 10 displays an authentication image for user authentication, which will be described later. The authentication image consists of one or more selectable images and other non-selectable images. The selectable images are the images that should be selected for user authentication. On the touch panel display device 10, the user selects an image from the authentication image using an indicator such as a finger for user authentication.
[0017] User authentication device 1 determines that the user operating the device is legitimate if all or part of the target images in the displayed authentication image are accurately selected according to pre-set authentication conditions. User authentication may be performed, for example, to log in to user authentication device 1, or it may be performed to move to a specific application or a specific GUI screen.
[0018] Figure 2 schematically shows an example configuration of the user authentication device 1. The user authentication device 1 may have a computer configuration. In the example configuration shown in Figure 2, the user authentication device 1 includes an arithmetic unit 11, a main memory 12, an auxiliary memory 13, an input device 14, a display device 15, and a communication device 16. The components excluding the input device 14 and the display device 15 are included in the controller of the user authentication device 1.
[0019] The auxiliary storage device 13 is a storage device composed of appropriate non-volatile memory elements, such as an SSD (Solid State Drive) or a hard disk drive (HDD). The main storage device 12 is a storage device composed of volatile memory elements, such as RAM (Random Access Memory). Either the auxiliary storage device 13 or the main storage device 12, or a combination thereof, constitutes a storage device.
[0020] The arithmetic unit 11 is, for example, a CPU (Central Processing Unit). The arithmetic unit 11 executes the program 102 stored in the auxiliary storage device 13 by reading it into the main memory device 12, and performs overall control of the user authentication device 1, as well as various judgments, calculations, and controls.
[0021] The arithmetic unit 11 operates as a functional unit (means) that realizes predetermined functions by executing a program stored in the main memory 12. The arithmetic unit 11 may include multiple chips and multiple packages. The program, when executed by the arithmetic unit 11, performs predetermined processing using memory and communication devices. Therefore, a description with the program as the subject may also be a description with the arithmetic unit 11 as the subject, or a description with the computer and computer system on which the program runs as the subject.
[0022] Furthermore, at least some of the program's functions may be implemented by dedicated hardware. The program can be installed on the device via a program distribution server or a computer-readable non-temporary storage medium, and can be stored in a non-volatile storage device.
[0023] The input device 14 is a device such as a touch panel, keyboard, or mouse that handles external user input to the user authentication device 1. The input device 14 sends the user input information to the arithmetic unit 11. In one embodiment of this specification, the input device sends user input for generating an authentication image and user input information for user authentication to the arithmetic unit 11.
[0024] The display device 15 displays images generated by the processing unit 11. The display device 15 is, for example, a liquid crystal display device or an organic EL display device. In one embodiment of this specification, the display device 15 displays a GUI image for generating an authentication image for user authentication, or an authentication image in user authentication. The communication device 16 is a network interface that connects to a network and performs communication processing with other devices.
[0025] Some of the components shown in Figure 2 may be omitted. For example, if the user authentication device 1 is a server accessed from a user terminal, its input device 14 and display device 15 may be omitted. If the user authentication device 1 does not require communication with other devices, the communication device 16 may be omitted.
[0026] The auxiliary storage device 13 stores a set of programs 110 for implementing the functions necessary for the user authentication device 1. The set of programs 110 includes an operating system (not shown), a user authentication-related condition generation unit 111, and an authentication condition determination unit 113. The auxiliary storage device 13 also stores user authentication-related condition information 120 and image information 130.
[0027] The user authentication-related condition information 120 includes the selected image condition information 121 and the authentication condition information 122. The image information 130 stores the data used to generate each of the multiple images that make up the authentication image. The image information 130 includes parameters and image data for generating each image in the authentication image, such as characters, shapes, patterns, colors, and photographs.
[0028] The selection target image condition information 121 defines the conditions for the selection target image that the user should select in the authentication image. The authentication condition information 122 defines the conditions for the selection target image that should be selected from the authentication image for user authentication. For example, it defines the number of selection target images that must be selected from one or more selection target images included in the authentication image in order to authenticate the user, the number of consecutive attempts allowed, the timeout period, etc.
[0029] The selected image condition information 121 and the authentication condition information 122 are generated by the user authentication-related condition generation unit 111 in response to user input. The authentication condition determination unit 113 performs user authentication using the authentication image. More specifically, the authentication condition determination unit 113 generates and displays an authentication image according to the selected image condition information 121, and further determines whether the accessing user is a legitimate user based on the user input for that authentication image and the authentication condition information 122.
[0030] Figure 3 shows an example of an image for user authentication (authentication image) in one embodiment of this specification. The authentication image 20 is composed of a plurality of rectangular images 201-206 and 211. Image 211 is the image to be selected, and the other images 201-206 are images not to be selected.
[0031] In Figure 3, "()" indicates the color of the image, and characters without "()" represent the characters the image depicts. For example, images 201 to 204 are rectangular images in red, pink, green, and yellow, respectively, and the selected image 211 is a rectangular image in blue. Image 205 is a rectangular image representing the character "あ", and image 206 is a purple rectangular image representing the character "3". In Figure 3, the color of image 205, where the color is not explicitly stated, is the default color, for example, white.
[0032] The selection target image condition defined for the example authentication image 20 shown in Figure 3 is "an image adjacent to the red image and the green image." In authentication image 20, only the selection target image 211 satisfies this selection target image condition. That is, only the selection target image 211 is adjacent to the red image 201 and the green image 203. Furthermore, the user authentication condition is that the user selects all of the selection target images 211 before the timeout.
[0033] Figure 4 shows another example of the authentication image 25. The selection target image condition information 121 defines for the authentication image 25 is the same as the selection target image condition for the authentication image 20 shown in Figure 3. Also, the authentication condition information 122 defines for the authentication image 25 is the same as the authentication condition for the authentication image 20 shown in Figure 3.
[0034] The authentication image 25 is composed of multiple images 251-255 and 261. The area outside of these images 251-255 and 261 is the background area of the authentication image 25. Images 251, 252, 253, and 254 are red, blue, green, and purple images, respectively. Image 255 is composed of a rectangle and a circle contained within it. Image 261 is the image to be selected and is a pink image.
[0035] The authentication image 25 is composed of multiple overlaid images, for example. The blue trapezoidal image 252 is displayed so that a portion of it overlaps the rectangular images 251 and 254, and the pink triangular image 261 is displayed so that a portion of it overlaps the rectangular images 251, 253, and 254. Note that in their displayed state, images 251, 253, and 254 are polygons different from rectangles.
[0036] Thus, the shape, type, and size of each image within the authentication image may differ, multiple images may be arranged so that they partially overlap, or all images may be arranged so that they do not overlap.
[0037] The selection target image condition defined for authentication image 25 is the same as for authentication image 20 shown in Figure 3: "an image adjacent to the red image and the green image." In authentication image 25, only the pink image 261 satisfies this selection target image condition. In other words, only the selection target image 261 is adjacent to the red image 251 and the green image 253. Furthermore, the user authentication condition is that the user selects all the selection target images 261 before the timeout. Selection of the selection target images can be done using input from a touch panel, mouse, or keyboard, or by using voice or the results of gaze analysis captured by a camera.
[0038] As explained with reference to Figures 3 and 4, the authentication image consists of multiple images (display images) and may include one or more images to be selected. Furthermore, as will be described later, a single user authentication process may present multiple authentication images, some of which may exclude the images to be selected. In the example explained with reference to Figures 3 and 4, the number of images to be selected is one.
[0039] The selection target image conditions for each selection target image include information on areas other than the selection target image itself. In one embodiment of this specification, the selection target image conditions include the positional relationship between the selection target image and the surrounding images. Each surrounding image is an image different from the selection target image and is another selection target image or a non-selection target image. The surrounding image conditions that define the surrounding images are included within the selection target image conditions. In the example described with reference to FIGS. 3 and 4, the surrounding image conditions are red or green images. Also, the selection target image conditions are defined as being in contact with the red image and the green image. Images other than the selection target image do not meet the selection target image conditions.
[0040] The user authentication device 1 dynamically determines the position and / or attributes of the selection target image during the generation of the authentication image without fixing them. That is, at least some of the shape, size, category, elements within the category (which are included in the attributes), and position of the selection target image can change. For the example described with reference to FIGS. 3 and 4, the selection target image conditions are common, but the positions, colors, and shapes of the selection target images 211 and 261 are different. Thus, by changing the display method (including the position and attributes) of the selection target image in the authentication image, the possibility of others knowing the selection target image can be reduced, and security can be improved.
[0041] FIG. 5 shows an authentication image 30 of another example. Compared with the example described with reference to FIG. 3 or 4, the authentication image 30 is composed of a plurality of images arranged in a matrix. That is, within the authentication image 30, the relative positions of the images are fixed. Also, in the example shown in FIG. 5, each image is indicated by a rectangular frame.
[0042] In the example shown in FIG. 5, the authentication image 30 is composed of images arranged in 6 rows and 4 columns. Each image can indicate one or more attributes. For example, image 311 shows only blue, image 321 shows the character "North" and yellow, image 322 shows a picture of a fish, image 323 shows a photo of scissors, and image 324 shows a specific pattern.
[0043] The selection criteria defined for authentication image 30 is "the second image from the top in a column where the number of images containing a color is 3, and which contains a letter or number." Furthermore, the user authentication condition is that the user selects all the selection criteria before the timeout.
[0044] As with Figures 3 and 4, in Figure 5, "()" indicates the color of the image, and elements without "()" represent the elements the image represents. Images without a color indicated by "()" have a default color (e.g., white) and are defined as colorless in this context.
[0045] Referring to Figure 5, image 312 in column 310 satisfies the above selection criteria for images. Specifically, column 310 consists of images 311 to 316. Image 311 shows only blue. Image 312 shows only the letter "A". Image 313 shows only blue. Image 314 shows only the number "3". Image 315 shows only orange. Image 312 shows only the letter "ka".
[0046] In column 310, there are three images that contain the color attribute: blue images 311 and 313, and orange image 315. The other columns do not satisfy this condition. For example, the leftmost column has one image containing color, and the rightmost column has two images containing color.
[0047] In column 310, the second image from the top, 312, represents the letter "A". Therefore, image 312 is the image to be selected. In the authentication image 30 shown in Figure 5, image 312 is the only image to be selected.
[0048] Figure 6 shows an example of the information (data) contained in the image information 130 stored in the user authentication device 1. The image information 130 includes information for forming and displaying each authentication image. In the example shown in Figure 6, the image information 130 defines the category to which each image belongs. The image information 130 indicates the category of images used for authentication and the images (elements) included in each category.
[0049] Define the category to which each image belongs. The categories of images used for authentication may include letters (excluding numbers), numbers, shapes, symbols, patterns, as well as pictures, photographs, colors, etc. In the example shown in Figure 6, shapes, symbols, and patterns are in the same category, and pictures and photographs are in the same category. The categories shown in Figure 5 are just examples, and other categories may be included, and some categories may be omitted. Note that it is not necessary to define the category of the image information.
[0050] In the example described with reference to Figures 3, 4, and 5, the authentication image is a combination of images, and one or more of these images may be selected as the target image. The selection target image conditions include other image information. The user authentication device 1 places the target image in the authentication image at a position where the selection target image conditions are satisfied, and places the non-selection target images in a position where the selection target image conditions are not satisfied. The user authentication-related condition information 120 may be set by the user to be authenticated or by another user.
[0051] The position of the selected image within the authentication image is undefined, and authentication information is not contained within its absolute position within the authentication image. Furthermore, the category of the selected image can change, including text, symbols, pictures, photographs, etc., so authentication information is not contained within the image category or element itself. In this way, the display method of the selected image (including attributes and position) and the display method of other images are determined for each authentication image, thus effectively preventing the leakage of authentication information to others.
[0052] The processing performed by the user authentication device 1 will be described below. Figure 7 is a block diagram showing the functional configuration of the user authentication device 1. The user authentication-related condition generation unit 111 receives input of the target image conditions and authentication conditions from the user via the GUI provided by the display device 15 and the input device 14, and stores them in the user authentication-related condition information 120.
[0053] The authentication condition determination unit 113 refers to the selected target image condition information 121 in the user authentication-related condition information 120, generates an authentication image from the image information 130, and displays it on the display device 15. Furthermore, the authentication condition determination unit 113 obtains user input for the authentication image from the input device 14 and determines the legitimacy of the user.
[0054] First, the processing of the authentication condition determination unit 113 will be explained. Based on the selected target image condition information 121, the authentication condition determination unit 113 generates an authentication image from the image information 130 and displays it on the display device 15. At the same time, it determines whether the user input from the input device 14, for example, a user's touch operation on the touch panel, matches the selected target image conditions and authentication conditions indicated by the user authentication-related condition information 120, and outputs the determination result.
[0055] Figure 8 shows an example flowchart of the authentication image generation process S10 by the authentication condition determination unit 113. Here, the authentication image is assumed to consist of images arranged in a matrix. Also, it is assumed that there is only one image to be selected in the authentication image.
[0056] The authentication condition determination unit 113 discloses the authentication image generation process S10 in response to control signals from other functional units. For example, the trigger may be touching the touch panel of the user authentication device 1 while it is locked, or accessing a specific website.
[0057] The authentication condition determination unit 113 randomly selects a row within the range of the authentication image settings (S11). The number of rows and columns of the authentication image are set in advance. Furthermore, the authentication condition determination unit 113 randomly selects a column within the range of the authentication image settings (S12).
[0058] Next, the authentication condition determination unit 113 determines whether the position of the intersection region of the selected row and column satisfies the selection target image conditions indicated by the selection target image condition information 121 (S13). If the position does not satisfy the selection target image conditions (S13: NO), the flow returns to step S11. If the position satisfies the selection target image conditions (S13: YES), the flow proceeds to the next step S14. Note that if the selection target image conditions do not define a position for the selection target image, it is determined that any position satisfies the selection target image conditions.
[0059] In the example of authentication image 30 shown in Figure 5, the selection criteria for authentication image 30 specify "the second image from the top containing a letter or number in a column where the number of images containing a color is 3." Therefore, if the intersection of the selected row and column is included in the second row from the top, the positional condition of the selection criteria for the image is satisfied.
[0060] Next, the authentication condition determination unit 113 generates and arranges each of the images constituting the selected row and / or column so that the image of the intersection region of the selected row and / or column satisfies the selection target image conditions (S14). For example, the authentication condition determination unit 113 generates an image with attributes defined by the selection target image condition information 121 and places it in the intersection region. Furthermore, the authentication condition determination unit 113 generates and arranges each of the images constituting the row and / or column so that it satisfies the conditions defined by the selection target image condition information 121.
[0061] Step S14 will be explained using the authentication image 30 shown in Figure 5 as an example. As described above, the selection criteria for the authentication image 30 is defined as "the second image from the top containing a character or number in a column where the number of images containing a color is 3." The authentication condition determination unit 113 selects the character or number and color of the selection target image 312 from the image information 130.
[0062] Furthermore, the authentication condition determination unit 113 determines the attributes of each of the other images in column 310 that contain the selected image 312. The authentication condition determination unit 113 randomly selects three image positions from the image positions in column 310 other than the selected image 312, and selects the color and non-color elements (characters, symbols, etc.) of each image from the image information 130. Furthermore, the authentication condition determination unit 113 determines the color of the images in the other image positions to be colorless (default color), and further randomly determines other elements to be displayed besides the color. The attributes of the other images in the row containing the selected image 312 may be determined randomly.
[0063] After determining the images for the selected rows and columns, the authentication condition determination unit 113 randomly generates images for other image positions from the image information 130 and places them (S15). Next, the authentication condition determination unit 113 determines whether the images other than the selected images satisfy the selection target image conditions (S16). If any of the non-selected images satisfy the selection target image conditions (S16: YES), the flow returns to step S11. If none of the non-selected images satisfy the selection target image conditions (S16: NO), the authentication condition determination unit 113 displays the generated authentication image on the display device 15.
[0064] The example described with reference to Figure 8 places only one target image within the authentication image. When multiple target images are to be placed, the authentication condition determination unit 113 may, for example, repeat steps S11 to S14 for the number of target images to be placed, and then execute steps S15 to S17.
[0065] As explained with reference to Figure 3 or 4, a non-matrix-shaped authentication image can be generated, for example, as follows. The authentication condition determination unit 113 randomly determines the position of the target image to be selected within the authentication image and determines its attributes from the image information 130 according to the target image selection conditions. The target image selection conditions for the authentication image 20 shown in Figure 3 do not define the attributes of the target image to be selected, so they can be determined randomly. In the example in Figure 3, the authentication condition determination unit 113 determines the position and shape of the image 211, and further determines that the display element is blue only.
[0066] Next, the authentication condition determination unit 113 determines the position and attributes of surrounding images that satisfy the surrounding image conditions within the selected image conditions. In the authentication image 20 of Figure 3, the red image 203 and the green image 203 are generated and placed adjacent to the selected image 211. The attributes and positions of other images may be determined randomly. If images other than the selected image satisfy the selected image conditions, the attributes and positions of the other images are repeatedly determined randomly. This step is repeated until all images other than the selected image no longer meet the selected image conditions.
[0067] Similarly, for the authentication image 25 in Figure 4, the authentication condition determination unit 113 may determine the attributes and positions of surrounding images that satisfy the conditions for the selected image (including the surrounding image conditions). If multiple images to be selected are to be placed, the above steps are repeated. After that, the authentication condition determination unit 113 may randomly determine the attributes and positions of other images. The random selection of other images is repeated until all randomly determined images fall outside the conditions for the selected image.
[0068] The above method for generating authentication images is merely an example, and authentication images can be generated using any other method or algorithm that satisfies the selection criteria, resulting in a predetermined number of selected images. Furthermore, other examples may exclude any restrictions on the number of selected images included in an authentication image, allowing any number of selected images to be included in a single authentication image. The authentication criteria may, for example, specify that 50% or more of the selected images must be selected from among them.
[0069] Figures 9A and 9B show examples of different authentication images that satisfy the same selection criteria. Authentication image 30 in Figure 9A is the same as authentication image 30 shown in Figure 5. Authentication image 35 in Figure 9B satisfies the same selection criteria as authentication image 30, but is a different image from authentication image 30. As described above, the selection criteria for authentication image 30 is defined as "the second image from the top that contains a letter or number in a column where the number of images containing a color is 3."
[0070] In the authentication image 30 of Figure 9A, the selected image 312 is the image 312 (region) containing the letter "A" in the second row from the top in the third column 310 from the left. In the authentication image 35 of Figure 9B, the selected image 352 is the image 352 (region) containing the number "4" in the second row from the top in the second column 350 from the left.
[0071] In this way, the authentication condition determination unit 113 can generate different authentication images that satisfy the same selection target image conditions. This improves security in user authentication. The method described with reference to Figure 8 randomly determines the position and attributes of the selected image and the position and attributes of the non-selected image within the range that satisfies the selection target image conditions. All or some of these may be determined by other methods, such as round robin, and some may be fixed.
[0072] Image information 130 can include information on the same number of candidate images as or more than the number of images that can be placed in a single authentication image. By selecting images to make up an authentication image from a larger number of images, the number of times the same image is used repeatedly can be reduced, thereby improving the security of user authentication.
[0073] Next, we will explain the process of determining the user's legitimacy based on the user's actions on the authentication image. Figure 10 shows an example flowchart of the user legitimacy determination process. Here, the user selects a target image from the authentication image on the touch panel. Also, it is assumed that there is only one target image within the authentication image.
[0074] After the authentication image generation process S10, the authentication condition determination unit 113 determines whether or not the user has made contact with the touch panel (S21). A touch panel control unit (not shown) performs touch detection on the touch panel. The authentication condition determination unit 113 receives a touch detection result indicating the touch position from the touch panel control unit.
[0075] When a touch is detected on the touch panel (S21:YES), the authentication condition determination unit 113 compares the touch position with the position of the selected image (S22). The position of the selected image may be, for example, any position within the region of its outline.
[0076] If the touch position matches the position of the selected image, that is, if it is within the area of the selected image (S22: Match), the authentication condition determination unit 113 outputs a result indicating this to another program (S23). The other program may display the initial image after login. If the touch position does not match the position of the selected image, that is, if it is outside the area of the selected image (S22: Mismatch), the authentication condition determination unit 113 outputs an image indicating this to the display device 15. The determination result may also be output to another program.
[0077] The setting of user authentication-related condition information 120 is described below. The user authentication-related condition generation unit 111 determines the selection target image conditions and authentication conditions according to the user input, and stores this information in the selection target image condition information 121 and the authentication condition information 122, respectively. In the example described below, the user to be authenticated inputs the user authentication-related condition information. Note that the user inputting the information may be, for example, a system administrator.
[0078] Figures 11A to 11H show a series of changes in the GUI image example during the setting of the selection target image conditions. The GUI images are generated and presented by the user authentication-related condition generation unit 111, and the user authentication-related condition generation unit 111 includes condition definitions in the selection target image condition information 121 according to the input to them. Details of setting the authentication conditions are omitted, but the user may input authentication conditions according to the GUI image presented by the user authentication-related condition generation unit 111, and the authentication conditions may be set in advance within the system.
[0079] In the example explained with reference to Figures 11A to 11H, the user sets (defines) "the number in the column with two colors" as the selection target image condition. This condition is the same as the selection target image condition explained with reference to Figures 5, 9A and 9B.
[0080] Figures 11A to 11C are images used to define the selection criteria for a row containing a selection target image. Referring to Figure 11A, the user authentication-related condition generation unit 111 displays a menu image 41 on the display device 15. The menu image 41 shows the category options for defining the selection criteria for a row containing a selection target image. The only condition for a row is that it contains the selection criteria. Therefore, in this case, the button 411 for "Numbers," which is the category of the selection target image, is selected.
[0081] Figure 11B shows the menu image 42 that appears after the "Number" button 411 is selected in the menu image 42 of Figure 11A. Menu image 42 shows options for defining conditions related to the selected "Number" image. There are no conditions for the "Number" image to be selected. Therefore, the "Other" button 421 is selected. If the number of "Numbers" defines that element, then another button 422 or 423 is selected.
[0082] Figure 11C shows the menu image 43 that appears after the "Other" button 421 is selected in the menu image 42 of Figure 11B. Menu image 43 includes the "Order" button 432, which allows specifying conditions for the "Number" images, in this case, the order. In this case, there are no conditions for the order of the selected images, so the "No Specification" button 431 is selected.
[0083] Figures 11D to 11F are images used to set the selection criteria for the column containing the image to be selected. The menu image 44 shown in Figure 11D shows the category options for setting the selection criteria for the image to be selected in the column. The selection criteria here include "columns with two colors". Therefore, the "Color" button 441 is selected.
[0084] Figure 11E shows the menu image 45 that appears after the "Color" button 441 is selected in the menu image 44 of Figure 11D. Menu image 45 shows options for defining the conditions for the selected "Color" image. As mentioned above, the selection criteria for the image include "a column with two colors". Therefore, the "Quantity" button 451 is selected. If the "Color" element is defined, the "Specific" button 452 is selected. The other buttons 3453 are the same as the "Other" button 421 in menu image 42.
[0085] Figure 11F shows the menu image 46 that appears after the "Quantity" button 451 is selected in the menu image 45 of Figure 11E. Menu image 46 shows the options for the number of images to display in the column. Here, the "2" button 461 is selected.
[0086] Figure 11G shows a GUI image 47 that appears after any button is selected in the menu image 46 of Figure 11F. All the information for the selection target image conditions has already been entered. Therefore, GUI image 47 shows the set (defined) selection target image conditions and a button 471 that allows the user to view a sample of the authentication image.
[0087] Figure 11H shows a GUI image 48 displayed in response to the user selecting button 471 via the input device 14. GUI image 48 shows an example of an authentication image that satisfies the set selection target image conditions. The user authentication related condition generation unit 111 generates an authentication image according to the selection target image conditions. When button 481 is selected, the user authentication related condition generation unit 111 generates and displays other examples of authentication images. When button 482 is selected, the setting process for the selection target image conditions is completed.
[0088] Next, the processing of the user authentication-related condition generation unit 111 will be explained. Figure 12 shows an example flowchart of how the user authentication-related condition generation unit 111 sets the selection target image conditions. Here, the authentication image is assumed to consist of multiple images arranged in a matrix. Also, the number of selection target images is assumed to be one.
[0089] First, the user authentication-related condition generation unit 111 sets the conditions for the row containing the image to be selected, according to the user input (S31). Next, the user authentication-related condition generation unit 111 sets the conditions for the column containing the image to be selected, according to the user input (S32). Next, the user authentication-related condition generation unit 111 stores the set image to be selected conditions in the image to be selected information 121 in the auxiliary storage device 13 (33).
[0090] Next, the user authentication-related condition generation unit 111 generates and displays examples of authentication images that satisfy the set selection target image conditions according to the user's instructions (S34). If the user requests the display of other authentication image examples (S35: YES), the user authentication-related condition generation unit 111 generates and displays examples of authentication images that satisfy the set selection target image conditions (S34). If the user requests the termination of the selection target image condition setting process (S35: NO), this flow terminates.
[0091] The following describes several examples of user authentication using authentication images. One user authentication method presents a series of authentication images that do not contain the selected image, in between. This can improve security. An example of an authentication image that does not contain (is excluded from) the selected image is, for example, an image in which the selected image 312 or 352 shown in Figure 9A or Figure 9 has been changed from "letters or numbers" to an image of another category.
[0092] For example, the authentication condition determination unit 113 displays an input completion button along with the authentication images. If the input completion button is selected after either image is selected, the authentication condition determination unit 113 denies the legitimacy of the user. If the input completion button is selected without any of the authentication images being selected, the authentication condition determination unit 113 may determine that the user is legitimate, or it may reserve judgment and present a new authentication image.
[0093] The presentation of authentication images that do not contain the selected image may be performed at any frequency. This frequency may be less frequent than the presentation of images that contain the selected image. For example, the authentication condition determination unit 113 may randomly decide whether or not to include the selected image in the presentation of authentication images, either periodically, hourly, or randomly. Alternatively, the authentication condition determination unit 113 may periodically present authentication images that do not contain the selected image.
[0094] Another method of user authentication using authentication images involves displaying an authentication image containing multiple selectable images, and determining that the user is legitimate if all of them are selected simultaneously. This can improve security. For example, if two selectable images are displayed in the authentication image and both are selected simultaneously, the authentication condition determination unit 113 determines that the user is legitimate; otherwise, it determines that authentication has failed.
[0095] The following describes an example of hybrid authentication using authentication images and fingerprint authentication. User authentication device 1 includes a fingerprint authentication sensor. When a user places their finger on the display device 5, the fingerprint authentication sensor reads the fingerprint of that finger. User authentication device 1 determines whether the user is a registered user by comparing the read fingerprint with a pre-registered user's fingerprint.
[0096] Figure 13 shows an example configuration of a user authentication device 1 including a fingerprint authentication sensor. The user authentication device 1 includes a display device 51 including a display area 511, a touch panel 52 on its front (viewing) side, and a fingerprint sensor 53 on the back of the display device 51. The fingerprint sensor 53 is, for example, an optical fingerprint sensor or an ultrasonic fingerprint sensor. The type of fingerprint sensor 53 and its stacking position in relation to other devices are arbitrary.
[0097] The sensing area of the fingerprint sensor 53 includes at least a portion of the display area 511 of the display device 51, and the selected image is displayed within that area. The sensing area of the fingerprint sensor 53 may include the entire display area 511 of the display device 5. This allows fingerprint recognition at any position within the display area. Figure 14 shows an example of the relationship between the sensing area 531 and the display area 511 of the fingerprint sensor 53. The sensing area 531 and the display area 511 coincide in a plan view. The sensing area 531 may be wider than the display area 511.
[0098] The user's fingerprint information may be pre-stored in the auxiliary storage device 13. The fingerprint sensor 53 reads the fingerprint of the finger that touches the displayed authentication image and transmits that information to the processing unit 11. The authentication condition determination unit 113 compares the pre-registered fingerprint information of the finger with the fingerprint information received from the fingerprint sensor 53 and determines whether they match or not.
[0099] If a target image is selected and the fingerprint matches, the authentication condition determination unit 113 determines that the user is legitimate. If either of these conditions is different, the authentication of the user is deemed to have failed. If the authentication condition includes the simultaneous selection of multiple target images, for example, two target images, then fingerprints of two fingers are registered in advance. The authentication condition determination unit 113 determines that the user is a registered user if the fingerprint information of the two fingers received from the fingerprint sensor 53 both match the registered information. The types of fingers whose fingerprints are registered may be the same or different in number for the fingers touching simultaneously.
[0100] While embodiments of the present disclosure have been described above, the present disclosure is not limited to the embodiments described above. Those skilled in the art can easily modify, add to, and transform each element of the above embodiments within the scope of the present disclosure. It is possible to replace parts of the configuration of one embodiment with the configuration of another embodiment, and to add the configuration of another embodiment to the configuration of one embodiment. [Explanation of Symbols]
[0101] 1. User authentication device 2 Touch panel display device 11 Arithmetic unit 12 Main storage 13 Auxiliary storage device 14 Input devices 15 Display device 16. Communication equipment 20, 25, 30, 35 Verification images 211, 261, 312, 352 Selected images 111 User Authentication Related Condition Generation Unit 113 Authentication Condition Determination Unit 120 User Authentication Related Conditions Information 121 Selection Target Image Condition Information 122 Authentication Requirements Information 130 Image Information
Claims
1. A device that performs user authentication, Controller and Includes a display device, The controller displays a user authentication image consisting of multiple images on the display device. The aforementioned multiple images include an image to be selected for user authentication, The user authentication conditions include selecting the target image, The aforementioned selected image satisfies the pre-set selection image conditions, The aforementioned selection target image conditions define the positional relationship between the selection target image and surrounding images that are different from the selection target image and satisfy the pre-set surrounding image conditions. Device.
2. The apparatus according to claim 1, The aforementioned multiple images include multiple selected images, The authentication conditions for determining a user as legitimate include the selection of the aforementioned multiple selection images. Device.
3. The apparatus according to claim 1, The aforementioned multiple images are arranged in a matrix. Device.
4. The apparatus according to claim 1, The controller randomly determines the position of the selected image. Device.
5. The apparatus according to claim 1, The controller randomly selects an image different from the selected image within a range that satisfies the selection image conditions. Device.
6. The apparatus according to claim 1, The controller includes, in a series of user authentication processes, the presentation of a user authentication image to the user that does not include the selected image. Device.
7. The apparatus according to claim 1, Touch panel and It further includes a fingerprint sensor, The aforementioned controller, The user input for the user authentication image is received via the touch panel. In user input to the aforementioned touch panel, the user's fingerprint is read, The user authentication conditions include matching the user's fingerprint that has been read with a pre-registered fingerprint. Device.
8. A method by which a device performs user authentication, The aforementioned device A user authentication image consisting of multiple images is displayed. The aforementioned multiple images include an image to be selected for user authentication, The user authentication conditions include selecting the target image, The aforementioned selected image satisfies the pre-set selection image conditions, The aforementioned selection target image conditions define the positional relationship between the selection target image and surrounding images that are different from the selection target image and satisfy the pre-set surrounding image conditions. method.