JP7764667B2 - Authentication device, authentication method, and authentication program - Google Patents

Description

The present invention relates to an authentication device, an authentication method, and an authentication program.

In order to improve authentication accuracy, for example, Patent Document 1 proposes a system in which a user writes a one-time password, determines whether the handwriting is the user's and whether the password is correct, and allows the user to log in if the password passes.
In order to determine whether a person is the same person or someone else using handwriting analysis, it is necessary to learn the characteristics of the person's handwriting that differ from those of others. However, requiring the user to input a large number of handwritten characters to achieve high-precision analysis places a heavy burden on the user.

For this reason, for example, Patent Document 2 proposes that when handwritten character authentication is successful, the characteristics of the input handwritten characters are saved in a database, thereby updating the learning data for handwriting determination, increasing the identity recognition rate and improving the accuracy of handwriting determination.

Japanese Patent Application Laid-Open No. 2002-183095 Japanese Patent Application Laid-Open No. 2018-147312

However, if a password containing characters with low recognition rates is used for authentication in order to improve the accuracy of personal identification, a dilemma arises in that the authentication accuracy decreases.
Therefore, an object of the present invention is to improve the accuracy of handwriting determination while maintaining the authentication accuracy of handwritten passwords.

The first authentication device of the present invention includes a selection unit that selects one or more first characters that constitute a password; a mixing unit that mixes one or more second characters into the password; an authentication unit that performs password authentication and handwriting determination using the first characters included in the password; and an improvement unit that obtains handwriting characteristics of the second characters included in the password and improves the accuracy of the handwriting determination when the second characters are used as the first characters. The authentication unit does not use the second characters, at least, for handwriting determination. Furthermore, the handwriting determination in the authentication unit may use handwriting characteristics of individual first characters, or handwriting characteristics resulting from a sequence of multiple first characters.

According to the first authentication device, the password contains a mixture of a first character used for password authentication and handwriting determination, and a second character not used for handwriting determination, so authentication accuracy is maintained by the first character. Meanwhile, the second character updates information related to handwriting characteristics, improving the accuracy of personal identification through handwriting determination. Note that handwriting characteristics as used in this specification may include character strokes, writing pressure, writing speed, etc.

It is also known that handwriting characteristics are affected by the physical and psychological environment at the time of handwriting input. Because the second character mixed in with the password is handwritten in the same environment as the first character, there is less variation in the characteristics of the person's handwriting in the password input environment, improving the accuracy of handwriting determination.

In the first authentication device, the authentication unit may perform password authentication and handwriting determination using the handwritten first characters, or the authentication unit may perform handwriting determination using handwritten characters among the first characters and perform password authentication using input characters rather than handwritten characters. When both password authentication and handwriting determination are performed using handwritten first characters, the robustness of authentication is improved. Furthermore, when handwritten characters and non-handwritten characters are used separately for password authentication and handwriting determination, authentication accuracy does not depend on the accuracy of character recognition of handwritten characters.

In the first authentication device, it is preferable that the password is a one-time password, and the selection unit randomly selects the first character from a predetermined character group. Use of a one-time password improves security against password theft, etc.
In the first authentication device, the mixing unit preferably uses, as the second character, a character with weaker handwriting characteristics than the first character. Since more handwriting information is available for characters with weak handwriting characteristics, the accuracy of handwriting determination improves. Here, "weak characteristics" includes cases where the characteristics are known and weak, as well as cases where the characteristics are unknown.

The second authentication device of the present invention comprises a selection unit that selects one or more first words that constitute a password group; a mixing unit that mixes one or more second words into the password group; an authentication unit that performs password authentication and handwriting determination using the first words included in the password group; and an improvement unit that obtains handwriting characteristics of the second words included in the password group and improves the accuracy of the handwriting determination when the second words are used as the first words. The authentication unit does not use the second words, at least for handwriting determination.

With the second authentication device described above, the password group contains a first word used for password authentication and handwriting determination, and a second word not used for handwriting determination, so authentication accuracy is maintained by the first word. Meanwhile, the second word updates information related to handwriting characteristics, improving the accuracy of personal identification through handwriting determination.

Furthermore, since the second word mixed in the password group is handwritten in the same environment as the first word, there is less variation in the characteristics of the person's handwriting in the environment in which the password group is entered, improving the accuracy of handwriting determination.
In the second authentication device, the authentication unit may perform password authentication and handwriting determination using the handwritten first word, or the authentication unit may perform handwriting determination using a handwritten word among the first words, and perform password authentication using an input word rather than a handwritten word.

When both password authentication and handwriting determination are performed on the handwritten first word, the robustness of the authentication is improved. Furthermore, when handwritten and non-handwritten words are used for password authentication and handwriting determination, the authentication accuracy does not depend on the accuracy of character recognition of the handwritten word.
In the second authentication device, it is preferable that the selection unit randomly selects the first word from a predetermined word group. By using the randomly selected words as a password group, security against password theft and the like is improved.

Furthermore, in the second authentication device, the handwriting determination is preferably performed based on the characteristics of handwriting when a word is viewed as a single string of characters. It is believed that the characteristics of an individual's handwriting are more strongly expressed in handwriting when a string of characters is written as a word than when each character is written individually. Therefore, the accuracy of the determination is improved by performing handwriting determination based on the characteristics of handwriting when a word is viewed as a single string of characters.

In the second authentication device, the handwriting determination may be performed based on both the handwriting characteristics of a word as a single character string and the handwriting characteristics of each character of the word, which is expected to further improve the accuracy of the determination.
In the second authentication device, the mixing unit preferably uses, as the second word, a word having weaker handwriting characteristics than the first word. Since more handwriting information is available for words having weak handwriting characteristics, the accuracy of handwriting determination improves. Here, "weak characteristics" includes cases where the characteristics are known and weak, as well as cases where the characteristics are unknown.

In the second authentication device, the first word and the second word are preferably answers to a "secret question." Using the answers to the "secret question" further improves the accuracy of identity verification.
The first authentication method of the present invention includes a selection step of selecting one or more first characters that constitute a password; a mixing step of mixing one or more second characters into the password; an authentication step of performing password authentication and handwriting determination using the first characters included in the password; and an improvement step of obtaining handwriting characteristics of the second characters included in the password and improving the accuracy of the handwriting determination when the second characters are used as the first characters.

According to the first authentication method, similarly to the first authentication device, it is possible to improve the accuracy of handwriting determination while maintaining the authentication accuracy for handwritten passwords.
The second authentication method of the present invention includes a selection step of selecting one or more first words that constitute a password group; a mixing step of mixing one or more second words into the password group; an authentication step of performing password authentication and handwriting determination using the first words included in the password group; and an improvement step of obtaining handwriting characteristics of the second words included in the password group and improving the accuracy of the handwriting determination when the second words are used as the first words.

According to the second authentication method, like the second authentication device, it is possible to improve the accuracy of handwriting determination while maintaining the authentication accuracy of handwritten passwords.
The authentication program of the present invention causes an information processing device to operate as any one of the above authentication devices. According to this authentication program, the authentication device of the present invention can be easily realized by the information processing device.

This invention makes it possible to improve the accuracy of handwriting determination while maintaining the authentication accuracy of handwritten passwords.

1 is a diagram illustrating an example of a transaction authentication system incorporating an embodiment of an authentication device of the present invention. FIG. 2 is a block diagram showing a hardware configuration of the information processing device. FIG. 2 is a functional block diagram showing the internal functions of an authentication client. FIG. 2 is a functional block diagram showing the internal functions of a first authentication server 40 and a second authentication server 50. 3 is a flowchart showing the main operation of the transaction authentication system 10. 10 is a flowchart of a pre-registration process. 10 is a flowchart of a first authentication process. 10 is a flowchart of a second authentication process. FIG. 10 is a diagram illustrating the content of a second authentication process. FIG. 10 is a diagram illustrating an example of generating update characters. FIG. 10 is a diagram illustrating a first modified example. FIG. 10 is a diagram illustrating a second modified example. FIG. 10 is a diagram illustrating a third modified example. FIG. 10 is a diagram illustrating a fourth modified example. FIG. 10 is a diagram illustrating a fifth modified example.

Embodiments of the present invention will be described below with reference to the drawings. However, to avoid unnecessary redundancy in the following description and to facilitate understanding by those skilled in the art, more detailed descriptions than necessary may be omitted. For example, detailed descriptions of matters that are already well-known or duplicate descriptions of substantially identical configurations may be omitted. Furthermore, elements shown in earlier-described figures may be referenced as appropriate in the descriptions of later figures.

FIG. 1 is a diagram showing a typical example of a transaction authentication system incorporating an embodiment of an authentication device of the present invention.
Transaction authentication system 10 is, for example, a client-server system, and is constructed by a server and a client connected via, for example, the Internet 60. Transaction authentication system 10 includes an authentication client 20, and for example includes a first authentication server 40 and a second authentication server 50. Second authentication server 50 corresponds to one embodiment of the authentication device of the present invention.

The first authentication server 40 and the second authentication server 50 constitute the server environment 30 and are connected to each other via the server environment network 70. The first authentication server 40 and the second authentication server 50 may also be connected to each other via the Internet 60, for example. The first authentication server 40 and the second authentication server 50 may be virtual servers built on the cloud, or physical servers built in an on-premises environment. Furthermore, the functions of both the first authentication server 40 and the second authentication server 50 may be realized by a single server, or the functions of the first authentication server 40 may be realized by multiple servers working together, or the functions of the second authentication server 50 may be realized by multiple servers working together.

The functions of the authentication client 20, first authentication server 40, and second authentication server 50 are realized, for example, by installing and executing a program on a general-purpose information processing device (computer). Here, we will explain the hardware configuration of the information processing device that realizes the authentication client 20, first authentication server 40, and second authentication server 50.

FIG. 2 is a block diagram showing the hardware configuration of the information processing device.
Specifically, the information processing device 100 is, for example, a server computer, a PC (Personal Computer), a smartphone, a tablet, or the like.
The information processing apparatus 100 includes a system bus 101 , a CPU 102 (Central Processing Unit), a ROM (Read Only Memory) 103 , and a RAM (Random Access Memory) 104 .

The information processing device 100 further includes a communication interface 105, an input unit 106, a display unit 107, and a storage unit 108.
The system bus 101 interconnects the CPU 102, ROM 103, RAM 104, communication interface 105, input unit 106, display unit 107, and storage unit 108, and serves as a path for transferring various types of data.

The CPU 102 controls the information processing device 100 by comprehensively controlling the components shown in Figure 2. The ROM 103 stores control programs and the like executed by the CPU 102. The RAM 104 functions as the main memory and work area of the CPU 102, temporarily storing programs and data.

The communication interface 105 is an interface for transmitting and receiving data etc. via a network, and is, for example, a wireless LAN interface, a wired LAN interface, a public mobile communication interface, etc., but may be other interfaces.
The input unit 106 is an interface through which a user inputs a password, instructions, etc. to the information processing device 100, and is, for example, a keyboard, a mouse, buttons, a touchpad, a touch panel, a stylus pen, a liquid crystal tablet, a pen tablet, or the like.

The information processing device 100 that realizes the authentication client 20 includes a touch panel, stylus pen, LCD tablet, or pen tablet in the input unit 106. Furthermore, if biometric authentication is used to log in to the transaction authentication system 10, the information processing device 100 that realizes the authentication client 20 includes a scanner, camera, or the like for reading biometric authentication information in the input unit 106. On the other hand, the information processing device 100 that realizes the first authentication server 40 and the second authentication server 50 does not need to include an input unit 106.

The display unit 107 is a display that displays images, displays information input by the input unit 106, and displays the results of processing by the CPU 102. In one example, the information processing device 100 that implements the authentication client 20 is a display with a touch panel, in which the input unit 106 and display unit 107 are integrated. The information processing device 100 that implements the first authentication server 40 and the second authentication server 50 does not need to be equipped with the display unit 107.

The memory unit 108 stores various types of data. The memory unit 108 may be, for example, a storage device such as a hard disk drive (HDD) or solid state drive (SSD). Alternatively, the memory unit 108 may be, for example, an auxiliary storage device using a universal serial bus (USB) or secure digital (SD). In the information processing device 100 that implements the first authentication server 40 and the second authentication server 50, a database (DB) is constructed in the memory unit 108.

FIG. 3 is a functional block diagram showing the internal functions of the authentication client.
The functions of the authentication client 20 are realized by a browser 201 as an example, but may also be realized by an application.
The authentication client 20 includes an account registration function 202 , a first authentication function 205 , a handwriting pre-registration function 208 , a second authentication function 211 , and an important transaction function 214 .

The account registration function 202 is a function for registering an account for a transaction, and includes an account information input unit 203 and an account registration unit 204 .
The first authentication function 205 is a function for performing account login authentication, and includes a login information input unit 206 and a login authentication unit 207 .

The handwriting advance registration function 208 is a function for registering a user's handwriting when registering an account, and includes a handwriting registration character display unit 210 and a handwriting input/collection unit 209 .
The second authentication function 211 is a function for performing authentication using a one-time password when, for example, an important transaction is made, and includes a one-time password display unit 212 and a handwriting input/collection unit 213 .

The important transaction function 214 is a function that, if authentication using a one-time password is successful, accesses a business server (not shown) and executes an important transaction. Important transactions include, for example, the transaction of a high-value item on a sales site, the viewing and editing of personal information on various sites, and the transfer of funds on a financial site.

FIG. 4 is a functional block diagram showing the internal functions of the first authentication server 40 and the second authentication server 50. As shown in FIG.
The first authentication server 40 includes a first authentication function 401 and an account DB 404 .
The first authentication function 401 is a function for performing account registration and login authentication, and includes an account registration API (Application Programming Interface) 402 and a first authentication API 403 .

The account DB 404 is a database that stores account information.
The second authentication server 50 includes a handwriting pre-registration function 501 , a second authentication function 505 , a common functional component 508 , and a handwriting information DB 514 .
The handwriting advance registration function 501 is a function for registering a user's handwriting, and includes a handwriting registration confirmation API 502 , a handwriting registration character string generation API 503 , and a handwriting registration API 504 .

The second authentication function 505 is a function for performing authentication using a one-time password, and includes a one-time password generation API 506 and a one-time password authentication API 507 .
The common functional components 508 are functional components commonly used within the second authentication server 50 , and include a character recognition unit 509 , a character feature calculation unit 510 , a personal score calculation unit 511 , a personal handwriting determination unit 512 , and a DB access API 513 .

The handwriting information DB 514 is a database that stores handwriting characteristics and handwriting information of each user.
The operation of transaction authentication system 10 shown in FIG. 1 will now be described with reference to FIGS. 2 and 3 and a flowchart.

FIG. 5 is a flowchart showing the main operation of the transaction authentication system 10.
FIG. 5 shows the linear processing operations leading to a particular transaction of interest, omitting branching of processing operations leading to other transactions performed by transaction authentication system 10.
When the main operation of the transaction authentication system 10 is started, a pre-registration process is first executed in step S101. The pre-registration process is a process for registering an account and registering the user's handwriting. In principle, the pre-registration process is skipped when logging in for the second time or later, but if the user selects this option from a menu or the like, the handwriting registration process may be executed again.

Next, in step S102, the first authentication process is executed. The first authentication process is a process for performing authentication using login information. Then, in step S103, it is determined whether the authentication in the first authentication process is successful. If the authentication in the first authentication process fails (step S103; No), the process proceeds to step S104, where the login is rejected. The processing operations performed after the login is rejected are not shown in the figure, but any well-known processing operations may be employed. As an example of the processing operations performed after the login is rejected, the process may return to the first authentication process in step S102 and retry authentication up to a predetermined number of times.

On the other hand, if the authentication in the first authentication process is successful (step S103; Yes), the process proceeds to step S105, where the second authentication process is executed.
In the second authentication process, authentication is performed using a one-time password, and data is updated to improve the accuracy of handwriting determination. Then, in step S106, it is determined whether authentication in the second authentication process is successful. If authentication in the second authentication process fails (step S106; No), the process proceeds to step S107, where the important specific transaction is rejected. Although illustration of the processing operations after the transaction is rejected is omitted, any well-known processing operations may be employed. As a processing operation after the transaction is rejected, for example, the processing operation may return to the second authentication process in step S105 and retry authentication up to a predetermined number of times. Furthermore, when the second authentication process is retried, the number of characters in the one-time password may be increased.

On the other hand, if the authentication in the second authentication process is successful (step S106; Yes), the process proceeds to step S108, where the important specific transaction is executed by the important transaction function 214 of the authentication client 20.
The details of the pre-registration process, the first authentication process, and the second authentication process will be described below with reference to FIGS. 3 and 4 and flowcharts.

FIG. 6 is a flowchart of the pre-registration process.
In the pre-registration process, first, in step S201, the account information input unit 203 of the authentication client 20 collects account information necessary for account registration, such as the user's personal information and login information such as an ID and password. Specifically, an account information input screen is displayed, and the user inputs information for various items that will become the account information. The login information included in the account information may be, for example, information from biometric authentication that uses physical characteristics such as face, fingerprint, or veins, or information from other conventionally well-known personal authentication methods.

Next, in step S202, the account registration unit 204 of the authentication client 20 transmits the account information to the account registration API 402 of the first authentication server 40, and the account information is registered in the account DB 404 by the account registration API 402.
After the account information is registered, the process proceeds to step S203, where a handwriting registration character string is generated. That is, the handwriting pre-registration function 208 of the authentication client 20 requests the handwriting pre-registration function 501 of the second authentication server 50 to generate a handwriting registration character string. In the handwriting pre-registration function 501 of the second authentication server 50, the handwriting registration confirmation API 502 accesses the handwriting information DB 514 via the DB access API 513 to confirm whether the handwriting of the individual registered for the account has already been registered. Then, the handwriting registration character string generation API 503 generates a handwriting registration character string.

If no handwriting registration exists, the handwriting registration string generation API 503 may generate a predetermined string as the handwriting registration string, or may randomly generate a handwriting registration string. If handwriting registration exists, the handwriting registration string generation API 503 generates a handwriting registration string, for example, by prioritizing characters that are not registered for the individual in the handwriting information DB 514, or characters that are registered but have little data. Handwriting registration strings may, for example, contain kanji, numbers, or English letters. It is preferable to use character strings that are familiar to write, such as words, as these tend to reveal an individual's characteristics in their handwriting.

The handwriting registration string generation API 503 transmits the generated handwriting registration string to the handwriting pre-registration function 208 of the authentication client 20 .
After the handwriting registration character string is generated, the process proceeds to step S204, where the user's handwriting is collected. That is, in the authentication client 20 that has received the handwriting registration character string, the handwriting registration character display unit 210 of the handwriting pre-registration function 208 displays the handwriting registration character string on the display, and prompts the user to input it by hand. The user writes the displayed handwriting registration character string by hand on the touch panel.

The handwriting input and collection unit 209 of the handwriting pre-registration function 208 acquires handwriting information of the handwritten handwriting registration character string. Any conventionally known method may be used to acquire handwriting information. However, for example, acquiring the handwriting information as strokes, as disclosed in Patent Document 2, is preferable as it makes it easier to calculate handwriting characteristics. Other information such as writing pressure and writing speed may also be included as handwriting information. The handwriting input and collection unit 209 transmits the acquired handwriting information to the handwriting registration API 504 of the second authentication server 50.

After collecting the handwriting, the process proceeds to step S205, where the user's handwriting features are registered. That is, upon receiving the handwriting information, the handwriting registration API 504 first performs character recognition using the character recognition unit 509 of the common functional component 508. Then, the handwriting registration API 504 calculates the feature value of the user's handwriting for each recognized character using the character feature calculation unit 510 of the common functional component 508. For example, the feature value of the handwriting may be the feature vector disclosed in Patent Document 2.

Furthermore, the handwriting registration API 504 uses the character feature calculation unit 510 to statistically process the feature values of the user and those of others for each character, and calculates a feature strength for each character that represents the probability that the user can be identified as an individual. The smaller the variation in feature values for a character, and the greater the difference from the feature values of others, the stronger the characteristics of the user's handwriting, and the higher the feature strength.

Finally, the handwriting registration API 504 registers the feature value, feature strength, handwriting information, etc. for each user in the handwriting information DB 514 via the DB access API 513 of the common functional component 508 .
After registering the handwriting characteristics, the process proceeds to step S206, where it is determined whether or not the handwriting has been registered to a degree sufficient to enable minimum handwriting determination. If it is determined that the minimum handwriting determination is not possible (step S206; No), the process returns to step S203, where further handwriting collection and registration is performed.

On the other hand, if it is determined that the handwriting registration has reached a minimum level at which handwriting determination is possible (step S206; Yes), the pre-registration process ends. By keeping handwriting registration in pre-registration to a minimum, the burden on the user is reduced.

FIG. 7 is a flowchart of the first authentication process.
In the first authentication process, first, in step S301, login information is acquired. That is, in the first authentication function 205 of the authentication client 20, the login information input unit 206 displays a login information input screen to prompt the user to input the login information. The user inputs the login information on the input screen, and the login authentication unit 207 of the first authentication function 205 sends the input login information to the first authentication API 403 of the first authentication server 40.

After obtaining the login information, the process proceeds to step S302, where authentication is performed using the login information. That is, the first authentication API 403 of the first authentication server 40 that received the login information compares the received login information with the login information contained in the account information registered in the account DB 404. The first authentication API 403 then determines that authentication is successful if the login information matches, and determines that authentication is unsuccessful if the login information does not match.

FIG. 8 is a flowchart of the second authentication process, and FIG. 9 is a diagram showing the details of the second authentication process.
In the second authentication process, first, in step S401, a one-time password is generated. That is, the second authentication function 211 of the authentication client 20 requests the second authentication function 505 of the second authentication server 50 to generate a one-time password. Then, the one-time password generation API 506 in the second authentication function 505 of the second authentication server 50 generates a character string that constitutes the one-time password.

As an example, as shown in FIG. 9, the character string of the one-time password 601 is composed of characters randomly selected from a set 602 of characters that have strong personal characteristics among the characters registered in the handwriting information DB 514. The characters selected from the set 602 of characters that have strong personal characteristics correspond to an example of the first character referred to in the present invention, and the one-time password generation API 506 corresponds to an example of the selection unit referred to in the present invention.

Although FIG. 9 shows a one-time password 601 using alphabetic characters as an example, the one-time password generation API 506 may generate a one-time password using numbers, symbols, hiragana, katakana, kanji, or the like.
After the one-time password 601 is generated, the process proceeds to step S402, where update characters 603 are added to the one-time password 601. That is, the one-time password generation API 506 of the second authentication server 50 generates update characters 603 for improving the accuracy of handwriting determination, and adds the update characters 603 to the one-time password 601 so that they are mixed in.

As an example, the update character 603 is selected from a set of characters 604 that are not included in the set of characters 602 that have strong personal characteristics. The update character 603 corresponds to an example of the second character referred to in the present invention, and the one-time password generation API 506 corresponds to an example of the mixed section referred to in the present invention.

FIG. 10 is a diagram showing an example of generating update characters.
In the generation example shown in Fig. 10, a set of password characters 602 and a set of update characters 604 are separated. The characters included in the set of update characters 604 have weaker handwriting characteristics than the characters included in the set of password characters 602. That is, as shown in the graph in Fig. 10, when the characters are sorted by the strength of their characteristics, the update and password characters are separated by a boundary 607 of the strength of the characteristics. Then, in step S402 in Fig. 8, for example, the character with the strongest characteristics (here, "F" is used as an example) is selected from the characters included in the set of update characters 604 and generated as the update character 603. Note that multiple update characters 603 may be generated for one one-time password 601.

After the update characters 603 are added, the process proceeds to step S403 in FIG. 8, where the handwriting of the one-time password is collected. That is, the one-time password 601 with the update characters 603 added is sent to the second authentication function 211 of the authentication client 20, and is displayed on the display by the one-time password display unit 212. The handwriting input and collection unit 213 also prompts the user to write the one-time password 601.

The one-time password 601 may be displayed via a terminal device other than the authentication client 20, such as a smartphone.
Upon viewing the display of the one-time password 601, the user writes down the one-time password 605 on the touch panel. At this time, the user also writes down the update characters 606 without distinguishing them from the one-time password 605. The handwriting input/collection unit 213 in the second authentication function 211 of the authentication client 20 then acquires the handwriting of the written one-time password 605, including the update characters 606. The acquired handwriting is sent to the one-time password authentication API 507 of the second authentication server 50.

After collecting the handwriting of the one-time password, the process proceeds to step S404, where character recognition is performed on the written one-time password 605. That is, the one-time password authentication API 507 performs character recognition on the one-time password 605 using the character recognition unit 509 of the common functional component 508. Then, in step S405, the one-time password authentication API 507 determines whether the password character portion included in the one-time password 605 matches the one-time password 601 generated in step S401. The one-time password authentication API 507 corresponds to an example of the authentication unit referred to in the present invention.

In addition, in password authentication, the update characters 606 included in the one-time password 605 may also be used as part of the password. Even if the update characters 606 are part of the password, if they are used only for password authentication and not for handwriting determination, the accuracy of personal authentication is prevented from decreasing.

If the character portion for the password is incorrect (step S405; No), the process proceeds to step S406, where authentication fails.
On the other hand, if the password character portion is correct (step S405; Yes), the process proceeds to step S407, where handwriting characteristics are calculated. That is, the one-time password authentication API 507 uses the character characteristic calculation unit 510 of the common functional component 508 to calculate handwriting characteristics for each character included in the one-time password 605. At this time, handwriting characteristics are also calculated for the update character 606 included in the one-time password 605. As a specific method for calculating handwriting characteristics, for example, the calculation method disclosed in Patent Document 2 is used.

The handwriting features may be those of individual characters or those of a sequence of characters, although the handwriting features of a sequence including the update character 606 are not used for handwriting determination.
Also, in step S407, the personal score calculation unit 511 compares the handwriting characteristics of the password character portion with the handwriting characteristics registered in the handwriting information DB 514, and calculates a personal score that indicates the likelihood of the handwriting being the person's own.
After the personal score is calculated, the process proceeds to step S408, where a determination is made as to whether the password character portion included in the one-time password 605 is the user's own handwriting.

In other words, the authentic handwriting determination unit 512 determines whether the handwriting is that of the user based on the personal score of each character in the password character portion. The authentic handwriting determination unit 512 performs handwriting determination based on criteria such as whether the average personal score exceeds a predetermined threshold, or whether there are a predetermined number or more characters with personal scores that exceed the predetermined threshold.

If it is determined that the handwriting is not that of the person in question (step S408; No), the process proceeds to step S406, where authentication fails. On the other hand, if it is determined that the handwriting is that of the person in question (step S408; Yes), the process proceeds to step S409, where authentication is successful.
In the determination in step S408, the password character portion included in the one-time password 605 is targeted, so that authentication accuracy is maintained even if the update character 606 is mixed in.

After step S409, the process proceeds to step S410, where the one-time password authentication API 507 uses the handwriting characteristics of the update character 606 included in the one-time password 605 to update the information registered in the handwriting information DB 514. When updating the information, the one-time password authentication API 507 uses the handwriting characteristics of the update character 606 calculated by the character characteristics calculation unit 510.

The one-time password authentication API 507 also uses the character feature calculation unit 510 of the common functional component 508 to update the feature strength of the update character 606. The combination of the one-time password authentication API 507 and the character feature calculation unit 510 corresponds to an example of the improvement unit referred to in the present invention. By updating the information in the handwriting information DB 514, the amount of data on the user's handwriting increases, so that, for example, the update character 606, which had weak features, becomes stronger in features, and feature information can be obtained for the update character 606, for example, whose features were unknown. As a result, the handwriting determination accuracy for the update character 606 improves, making it possible to use the update character 606 as a password.

Modifications to the above-described embodiment will be described below.
In the above embodiment, a character string in which characters are arranged randomly is generated as the one-time password 601 in the second authentication, but in the first modified example, a word is generated as the one-time password.

FIG. 11 is a diagram showing a first modified example.
In the first modification, the password character set 602 and the update character set 604 are separate sets, but the one-time password 601 consisting of the password characters and the update characters 603 forms a word (here, "PIANO" is used as an example). The one-time password 601 is then written by the user.

In this case, because the user consciously writes the word that is the one-time password 601, the handwriting of the written one-time password 605 is likely to reveal personal characteristics. Therefore, by updating the information in the handwriting information DB 514 with the handwriting of the update character 606 written as part of the word, a significant improvement in the accuracy of handwriting determination is expected.

In addition, in the first variant, in addition to handwriting judgment based on password characters contained in the word that is the one-time password 601, handwriting judgment may also be performed on the word as a whole. When the word is considered as a whole, handwriting judgment will include the update characters 606, which are not very distinctive as individual characters. However, because individual characteristics tend to appear in handwriting as a word, a decrease in judgment accuracy is suppressed. On the other hand, improved judgment accuracy is expected by combining handwriting judgment based on individual characters and handwriting judgment as a word.

Next, a second modified example will be described. In the second modified example, during the second authentication, words are used instead of letters, and a password group is used instead of a one-time password.
FIG. 12 is a diagram showing a second modified example.
In the second modified example, when registering an account, word answers to a plurality of "secret questions" and handwriting for each answer are collected and registered. The handwriting in the second modified example is handwriting as the answer words. As an example, a set 701 of answers (words) for a password and a set 702 of answers (words) for handwriting update are prepared. The words included in the set 701 for a password have stronger handwriting characteristics than the words included in the set 702 for handwriting update.

In the second variant, a set of questions 703 is generated during the second authentication to prompt the user to enter a set of passwords 705. The generation of the set of questions 703 essentially corresponds to the generation of the set of passwords 705. The set of questions 703 includes a mixture of "secret questions" that prompt the user to enter words, for example, randomly selected from the set of passwords 701, and "secret questions" 704 that prompt the user to enter words selected from the set of handwriting updates 702.

The generated set of questions 703 is presented to the user, who then inputs a set of passwords 705 by writing down answers to each question in the set of questions 703. By having the user input the set of passwords 705 in response to the presentation of the set of questions 703, the confidentiality of the passwords is increased compared to one-time passwords. Furthermore, by randomly selecting answers from the set of passwords 701, the same randomness and transience as one-time passwords are achieved.

In addition to or instead of the "secret question," the question 704 requesting the answer 706 for updating the handwriting may be a question that requests the user to enter the kana version of an address or name that is registered in the system in kanji. Such questions are preferable because they allow the user to obtain handwriting information in kana characters that is highly useful for handwriting determination.

When writing the password group 705, the user writes the answer 706 for updating handwriting without distinguishing it from the answer for the password, so that the handwriting in the answer 706 for updating handwriting and the handwriting in the answer for the password are unlikely to be blurred.
In the second modification, authentication is performed using the password answer included in the password group 705. That is, authentication as to whether the answer is correct or not and determination as to whether the handwriting of the answer is the user's handwriting or not are performed based on the password answer. On the other hand, the handwriting update answer 706 included in the password group 705 is used to update the information in the handwriting information DB 514, improving the accuracy of handwriting determination.

Next, we will explain the third variant. In this variant, some characters of the one-time password are entered by keystrokes. Here, "keystroke entry" is a general term for non-handwritten entry, including not only entry by operating a keyboard, but also selection operations using a mouse or touch screen.

FIG. 13 is a diagram showing a third modified example.
1 to 10, the user inputs a one-time password 801. However, some characters 803 of the one-time password 801 are entered by keyboard, and the other characters 802 and 804 are written by hand.

In the third variant, the information in the handwriting information DB 514 is updated with the handwriting of the written update character 802, out of the characters 802, 803, and 804 that make up the input one-time password 801. Furthermore, password authentication and handwriting determination are performed using the password characters 803 and 804, excluding the update character 802, out of the characters 802, 803, and 804 of the input one-time password 801. Therefore, the password characters 803 and 804 correspond to an example of the first character referred to in the present invention, and the update character 802 corresponds to an example of the second character referred to in the present invention.

However, in the third variant, character recognition is not performed by the character recognition unit 509. Instead, password authentication is performed using the key-entered character 803 out of the password characters 803 and 804, and handwriting determination is performed using the handwritten character 804. This allows reliable authentication even for users who, for example, have strong handwriting habits and a low character recognition rate.

The distinction between the characters 803 entered by keying and the characters 802, 804 written in the one-time password 801 may be specified by the system, or may be selected arbitrarily by the user. If specified by the system, for example, a random portion of the password characters 803, 804 may be designated as the characters entered by keying, or a character with strong handwriting characteristics may be designated as the characters written by hand 804. If selected arbitrarily by the user, for example, the number of characters entered by keying and the number of characters written may be specified by the system, and the user may select characters from the one-time password 801 with the specified number of characters.

If the handwriting of the written password characters 804 is determined to be that of the user, it is assumed that the specified characters have been entered correctly, and so the password characters may also be used for password authentication. In this case, all of the password characters 803 and 804 in the one-time password 801 are used for password authentication, and only the written characters 804 are used for handwriting determination.

Next, we will explain the fourth variant. In the fourth variant, words are used instead of letters during the second authentication, and a password group is used instead of a one-time password. Also, as with the third variant, some words from the password group are keyed in.

FIG. 14 is a diagram showing a fourth modified example.
In the fourth modification, the system presents the user with a plurality of words, for example, randomly selected, and the user inputs a password group 901 consisting of these words. Some words 903 in the password group 901 are entered by keyboard, and the other words 902 and 904 are written by hand.

In the fourth variant, the information in the handwriting information DB 514 is also updated with the handwriting of the written update word 902 from the input password group 901. Furthermore, password authentication and handwriting determination are performed using the password words 903 and 904 from the input password group 901, excluding the update word 902. Therefore, the password words 903 and 904 correspond to an example of the first word referred to in the present invention, and the update word 902 corresponds to an example of the second word referred to in the present invention.

In the fourth variant, as in the third variant, character recognition is not performed by the character recognition unit 509. Instead, password authentication is performed using the keyed word 903 out of the password words 903 and 904, and handwriting determination is performed using the written word 904. Therefore, in the fourth variant, high authentication accuracy can be achieved without relying on the accuracy of character recognition. The distinction between the keyed word 903 and the written words 902 and 904 in the password group 901 may be specified by the system or may be selected arbitrarily by the user.

Next, we will explain the fifth variant. In the fifth variant, as with the second variant, the answer to the "secret question" is used as a word from the password group during the second authentication. Also, as with the fourth variant, some words from the password group are keyed in.

FIG. 15 is a diagram showing a fifth modified example.
In the fifth modified example, a question group 1001 is generated to prompt the user to input a password group 1003. The question group 1001 includes a question 1002 prompting the user to enter a word for updating handwriting. The user inputs a password group 1003 as answers to the question group 1001. Some answers 1005 in the password group 1003 are entered by keyboard, and the other answers 1004 and 1006 are written by hand.

In the fifth variant, the information in the handwriting information DB 514 is also updated with the handwriting of the written update answer 1004 from the input password group 1003. Furthermore, password authentication and handwriting determination are performed using the password answers 1005 and 1006 from the input password group 1003, excluding the update answer 1004. Therefore, the password answers 1005 and 1006 correspond to an example of the first word referred to in the present invention, and the update answer 1004 corresponds to an example of the second word referred to in the present invention.

In the fifth variant, as in the third variant, character recognition is not performed by the character recognition unit 509, and of the password answers 1005 and 1006, password authentication is performed using the key-entered answer 1005, and handwriting determination is performed using the written answer 1006. Therefore, in the fifth variant, high authentication accuracy can be achieved without relying on the accuracy of character recognition.

Although the above description shows an example in which the authentication device of the present invention is incorporated into a transaction authentication system, the authentication device of the present invention may be incorporated into a system other than a transaction authentication system, or may be a standalone device that is not incorporated into a system.
Furthermore, although the above description shows an example in which the functions of the second authentication server 50, which is one embodiment of the authentication device of the present invention, are realized by a program, the authentication device of the present invention may also be realized by dedicated hardware.

In addition, while the above explanation gives examples of predetermined character strings and random character strings as handwriting registration character strings when registering an account, account information such as name, address, annual income, answers to secret questions, and answers to questionnaires may be used as an alternative to the handwriting registration character string, and handwriting registration may be performed using handwritten characters. Furthermore, a combination of a randomly generated character string and the above alternative information may also be used as an alternative to the handwriting registration character string.

In addition, while the above explanation shows an example in which the update characters are selected from a set separate from the set of characters for the password, the update characters may also be selected from the set of characters for the password. In this case, the accuracy of handwriting determination is improved by selecting, for example, characters from the password that have weaker characteristics than the other characters.

10...Transaction authentication system, 20...Authentication client, 30...Server environment, 40...First authentication server, 50...Second authentication server, 60...Internet, 70...Network within server environment, 100...Information processing device, 202...Account registration function, 205...First authentication function, 208...Handwriting pre-registration function, 211...Second authentication function, 214...Important transaction function, 401...First authentication function, 404...Account DB, 501...Handwriting Pre-registration function, 502...Handwriting registration confirmation API, 503...Handwriting registration string generation API, 504...Handwriting registration API, 505...Second authentication function, 506...One-time password generation API, 507...One-time password authentication API, 508...Common functional component, 509...Character recognition unit, 510...Character feature calculation unit, 511...Personal score calculation unit, 512...Handwriting determination unit, 513...DB access API, 514...Handwriting information DB

Claims (10)

a selection unit that selects one or more first words that constitute the password group;
a mixing unit for mixing one or more second words into the password group;
an authentication unit that performs password authentication and handwriting judgment using the first word included in the password group;
an improving unit that obtains handwriting characteristics of the second word included in the password group and improves the accuracy of the handwriting determination when the second word is used as the first word;
An authentication device comprising: The authentication device described in claim 1, wherein the authentication unit performs password authentication and handwriting determination using the handwritten first word. The authentication device described in claim 1, wherein the authentication unit performs handwriting determination using handwritten words among the first words, and performs password authentication using input words rather than handwritten words. The authentication device described in claim 1, wherein the selection unit randomly selects the first word from a predetermined group of words. The authentication device described in claim 1, wherein the handwriting determination is performed based on the characteristics of the handwriting when the word is viewed as a single string of characters. The authentication device described in claim 1, wherein the handwriting determination is performed based on both the handwriting characteristics of a word viewed as a single character string and the handwriting characteristics of each character obtained by breaking down the word. The authentication device described in claim 1, wherein the mixing unit uses a word with weaker handwriting characteristics than the first word as the second word. The authentication device of claim 1, wherein the first word and the second word are answers to a "secret question." The computer
a selection step of selecting one or more first words that constitute a password group;
a mixing step of mixing one or more second words into the group of passwords;
an authentication step of performing password authentication and handwriting judgment using the first word included in the password group;
an improving step of obtaining handwriting characteristics of the second word included in the password group and improving the accuracy of the handwriting determination when the second word is used as the first word;
The authentication method to perform. An authentication program for causing an information processing device to operate as the authentication device according to any one of claims 1 to 8 .