KR102014408B1 - Method and computer program for user authentication using image touch password - Google Patents

Abstract

A method for setting and inputting a password using an image to perform a user authentication process is disclosed. A user authentication method using an image touch password according to the present invention includes: selecting an image to be used as a password input screen from a user; Receiving an N-digit password from a user; Mapping each digit of the password to N points of interest on the image according to a user input; And generating an image touch password by combining information about the location and order of the point of interest corresponding to each digit of the password, the image selected as the password input screen.

Description

User authentication method using image touch password and computer program for same {Method and computer program for user authentication using image touch password}

The present invention relates to a user authentication method, and more particularly, to a method and a computer program for performing a user authentication process by setting and inputting a password using an image such as a photo.

Various images of the portable terminal are used only for recording and viewing, and are not used for other functional aspects, that is, locking device, user authentication, and user interface of the terminal.

In particular, photographic images are implemented as the composition itself does not consist of clearly defined points or lines, but rather leads to connecting surfaces without accurate boundary lines, which makes it impossible to pinpoint specific pixels in specific areas of the image, and to create millions of high-resolution photographic images. Because there are a myriad of pixels, even if a particular pixel is specified, it is difficult to accurately reconfirm the position of the same specific pixel later.

In addition, the area that can be set as a point of interest (POI) in the picture is the greatest weakness, and it is the weakest point that everyone can predict the point of interest in the picture almost equally. Therefore, there is a problem that it is vulnerable to guessing attack and low security.

On the other hand, because user authentication is often used anywhere, anytime, without any restrictions, security enhancement is becoming more important along with user convenience, and biometric information such as fingerprints, veins, facials, and irises that are strong in surrounding exposure to overcome this problem. Although passwords have been adopted recently, text-based password systems are still used mainly due to various technical problems such as verification of new technologies, recognition errors, user misfits, and anxiety about the leakage of physical information, and economic and practical problems. have.

Recently, with the proliferation of mobile shopping, mobile banking, etc., the importance of security has been highlighted, and the use of numbers and letters in passwords, the use of long passwords (six characters for PIN numbers in mobile banking), periodic password changes, and random virtual keyboards Major changes are being made to enhance security, including the adoption of input methods.

However, this idea of ignoring the user's convenience and the uncomfortable alternatives centered on the provider are not a solution to the weakness caused by the surrounding exposure and guessing attacks in the input, which is the fundamental problem of the character password, so it is left to the user. It is rising. Due to the nature of passwords, the longer and more difficult passwords are, the more secure it is. Therefore, for convenience of users, there is a problem of increasing convenience (convenience) in proportion to increasing security.

The present invention is to solve the problems of the prior art as described above, by providing a user authentication method that can solve both the user's convenience and password security by authenticating the user using the image that is the content that the user is most familiar and easily. It aims to do it.

In order to achieve the above object, according to an embodiment of the present invention, a user authentication method for setting an image touch password in the user terminal, comprising: selecting an image to be used as a password input screen from the user; Receiving an N-digit password from the user; Corresponding each digit of the password to N points of interest on the image according to the user input; And generating an image touch password for the user by combining the image selected as the password input screen, the password, and information about the location and order of the points of interest corresponding to each digit of the password.

The correspondence point of interest may include, when the user touches a predetermined position on the image after inputting the N-digit password, corresponding to each digit of the password according to the touch order.

The point of interest correspondence step may include: generating, by the user, the N setting digits, N setting icons indicating each digit of the input password in a predetermined area on the image; And when the user moves the N setting icons to a desired point of interest on the image, corresponding points of each point of interest and each digit of the password in a moving order.

In the user authentication method, if setting icons indicating candidates that can be entered at each digit of the password are generated in a predetermined area on the image, and the user moves N of the setting icons to the point of interest of the image, The N-digit password may be determined and the interest point corresponding to each digit of the determined password may be determined by referring to the movement order of the setting icons, the moved interest point, and the password candidate displayed by the moved setting icons.

The user authentication method includes: receiving from a user whether to use a random touch that can be touched before or after the N points of interest corresponding to the N-digit password; And storing whether the input random touch is used.

The user authentication method may further include transmitting the N-digit password from the generated image touch password to the authentication server.

According to another embodiment of the present invention, a user authentication method for processing an authentication attempt of a user by using an image touch password may include a password input screen, an N-digit password, and a corresponding digit of the password. Obtaining preset image touch password information including information on a point of interest; Determining whether the image selected by the user is a password input screen set in the image touch password; If the selected image is not a password input screen, determining that user authentication has failed; Acquiring a position and order of points touched by the user on the selected image when the selected image is a password input screen; Determining whether the authentication attempt is successful by determining whether the location and order of the points touched by the user are points of interest corresponding to each digit of the password set in the image touch password and are touched in the digit order of the password; It may include.

In the user authentication method, when it is set to use random touch, the authentication attempt is performed even if the user further touches any point before or after touching the point of interest corresponding to each digit of the password set in the image touch password. Can be determined to be successful.

In the user authentication method, when a one-time password for the user is requested from an authentication server, the N-digit one-time password generated by randomly matching a password value to the points touched by the user is transmitted to the authentication server. Steps may further include.

In accordance with another aspect of the present invention, a user authentication system using an image touch password includes: an input unit configured to receive a user input; A storage unit for storing one or more images and an image touch password set by the user; An image selected as a password input screen by the user among the images stored in the storage unit, an N-digit password input by the user, and points of interest on the image corresponding to each digit of the password according to the user's input. When the image set as the password input screen is selected when the authentication information generation unit for generating the image touch password for the user and storing the storage unit by combining the information and the authentication request, the point touched by the user on the selected image And a control unit including an authentication processing unit to determine whether the authentication attempt is successful by determining whether the location and order of the corresponding points are points of interest corresponding to each digit of the password set in the image touch password and whether the passwords are touched in the order of the digits of the password. can do.

According to the present invention, it is possible to provide an authentication method that can be enjoyed by the user and has high user satisfaction by utilizing emotional elements such as the user's memory, experience, and feeling about the image.

In addition, it is possible to greatly increase the security by preventing the exposure and speculative attacks caused by the exposure of the password input, which is the fundamental and fatal problem of the password using the most and most commonly used numbers or letters.

In addition, since the password is input using an image rather than text, the password cannot be found even when the password input scene is exposed.

In addition, when extracting and using a one-time password (OTP), it is possible to prevent the inconvenience of typing a text or an input error, and to prevent hacking accordingly.

In addition, the existing password system or system is used as it is, and a password input system (device) is used so that only the password input from the terminal is used as a new input method, so it is necessary to change or replace the password of the existing system or user. none.

In addition, users can decorate and create a password input screen by using their own pictures as well as familiar images such as characters, so that the lock screen of the terminal can be personalized and creatively tailored to one's taste.

1 is a block diagram illustrating a configuration of a user authentication system using an image touch password according to an embodiment of the present invention.
2 is a flowchart illustrating a user authentication method of setting an image touch password according to an embodiment of the present invention.
3 to 8 are diagrams for describing various embodiments of a user interface for setting an image touch password.
9 is a flowchart illustrating a user authentication method for processing a user authentication attempt by inputting an image touch password according to an embodiment of the present invention.
10 to 13 are diagrams for describing various embodiments of a user interface for inputting an image touch password.
14 illustrates an example of a user interface for confirming and changing an image touch password according to an embodiment of the present invention.
15 is a view for explaining an example of generating a one time password OTP according to an embodiment of the present invention.

Terms used herein will be briefly described and the present invention will be described in detail.

The terms used in the present invention have been selected as widely used general terms as possible in consideration of the functions in the present invention, but this may vary according to the intention or precedent of the person skilled in the art, the emergence of new technologies and the like. In addition, in certain cases, there is also a term arbitrarily selected by the applicant, in which case the meaning will be described in detail in the description of the invention. Therefore, the terms used in the present invention should be defined based on the meanings of the terms and the contents throughout the present invention, rather than the names of the simple terms.

When any part of the specification is to "include" any component, this means that it may further include other components, except to exclude other components unless otherwise stated. In addition, the terms "... means", "... unit", "module", etc. described in the specification mean a unit for processing at least one function or operation, which may be implemented in hardware or software, or hardware and software. It can be implemented as a combination of.

DETAILED DESCRIPTION Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art may easily implement the present invention. As those skilled in the art would realize, the described embodiments may be modified in various different ways, all without departing from the spirit or scope of the present invention. In the drawings, parts irrelevant to the description are omitted in order to clearly describe the present invention, and like reference numerals designate like parts throughout the specification.

1 is a block diagram illustrating a configuration of a user authentication system using an image touch password according to an embodiment of the present invention.

The user authentication method according to the present invention may be performed by a computing system having a processor, a memory, and an input / output device, and the user authentication system 10 of FIG. 1 is a functional block for a computing system performing the user authentication method of the present invention. It is shown in the form of a figure.

Referring to FIG. 1, the user authentication system 10 includes storage units 12 and 13 including a memory, and the storage unit functionally stores the photo storage unit 12 for storing one or more images held by the user. And an authentication information storage unit 13 for storing the image touch password which is authentication information of the user. In addition, although not shown, the user authentication system 10 may include an input unit for receiving a user input and an output unit including a touch screen.

The user authentication information according to the present invention is generated by combining information about the location of the points of interest on the image selected on the password input screen, the N-digit password, and the image corresponding to each digit of the password. Shall be. A user who attempts to authenticate may select a password input screen correctly from many images and touch the points of interest corresponding to each digit of the password in the predetermined order in order to succeed in authentication. Instead of entering a password through the keyboard, the password is input by touching certain points on the image in the order set by the user.

The user authentication system 10 generates and stores an image touch password as authentication information in response to a user's authentication information setting request, and determines whether authentication is successful by determining whether the image touch password is correctly input in response to the user's authentication request. And a control unit that performs post-processing such as unlocking when the authentication is successful, and the control unit may be implemented in the form of software executed by a processor.

Specifically, the controller may include an image selected as the password input screen by the user among the images stored in the photo storage unit 12, an N-digit password input by the user, and an image on the image corresponding to each digit of the password according to the user's input. When the image set as the password input screen is selected at the authentication information generation unit 11 and the user's authentication request, which generate an image touch password for the user by combining the information on the points and store the image touch password in the authentication information storage unit 13. Authentication to determine whether the authentication attempt is successful by determining whether the position and order of the points touched by the user on the image are points of interest corresponding to each digit of the password set in the preset image touch password and whether the password is touched in the digit order of the password. It may include a processor 14.

In the embodiment of FIG. 1, the picture storage unit 12, the authentication information storage unit 13, the authentication information generation unit 11, and the authentication processing unit 14 are included in one system 10. According to this embodiment, the user authentication system 10 requires a user authentication procedure for logging in or releasing a lock screen for use of a user terminal such as a smartphone, a tablet PC, or a desktop, that is, authentication according to password setting and password input. The present invention can be applied to the treatment.

However, the present invention is not limited to the above embodiment, and the present invention can also be applied to a user authentication procedure for accessing a server through a user terminal in a system in which a user terminal and a server interwork through a network. In this embodiment, at least some or some functions of each component may be implemented on the server side.

2 is a flowchart illustrating a user authentication method of setting an image touch password according to an embodiment of the present invention.

In step S20, when the user selects one of the images stored in the photo storage unit 12, it is set as the password input screen.

The image used as the password input screen in the present invention is not limited to a photographic image taken with a camera, and graphics, such as pictures, characters, cartoons, drawings, maps, typographics, advertisements, renderings, stereoscopic images, holographic images, and the like. The data can be used instead. In addition, the image that can be used as the password input screen can be retrieved from the photo storage folder in the user terminal, such as a smart phone, and may be any image such as downloaded from an external server, scanned, drawn or taken directly.

The user may retrieve images from the photo library of the terminal device and display them on the screen, and use one of them as a password input screen. Since the third party cannot distinguish which of these images is used as the password input screen, it is difficult to predict and hack the password.

Since the user directly selects the password input screen among the images owned by the user, the result of using the recognition information and the knowledge information, which are one of the characteristics of the image, is easy to remember and the security can be enhanced.

After the user selects the image for which the password is to be set, the user interface that supports setting the image as the password input screen, setting the password, and setting the point of interest corresponding to each digit of the password on the image is displayed. Will be provided to the screen.

In step S21, a N-digit password will be input by the user.

In addition to numbers, characters, special characters, symbols, icons, colors, patterns, photos, and pictures may be used in each digit of the password. In addition, the number of passwords may be one or more passwords, ranging from four-digit passwords used in existing financial transactions, six-digit pin numbers for mobile banking, and eight-character combinations of numbers and letters used for Internet user authentication. It can be used in various ways.

One-digit passwords are very susceptible to guessing attacks and cannot be used with normal passwords.However, temporary locks are required to limit the use of young children, but smart refrigerators and door safety locks for home appliances, which require fast use, cannot be used. It will be possible.

In addition, when using a two- or four-digit password that is vulnerable to exposure, the combination of "Random Touch" and "Quick Sliding Pass" described below can be used quickly and immediately, which is convenient and effectively prevents surrounding exposure.

In step S22, a point of interest is assigned to each digit of the password according to the user's input to correspond. For example, after inputting an N-digit password, when the user touches a predetermined position on the image, the user corresponds to each digit of the input password in the order of touch.

The point of interest on the image selected as the password input screen is a point for inputting a password when an authentication attempt is performed, such as a pixel on the image, a setting icon used when setting the point of interest, or a pixel located at the center of an area touched by the user, or setting It may be an area in which an icon is disposed or an area of a touch range, that is, an area including a plurality of pixels.

Step S23 is a step of generating and storing user authentication information. The image touch password is generated by combining information about the location and order of the point of interest corresponding to each digit of the password, the image selected as the password input screen. The location information of each point of interest may be embodied as coordinate information for identifying a corresponding pixel or region.

After the setting of the image touch password is completed, the user interface provided for setting the image touch password, such as a password setting icon and a setting completion icon, may disappear from the screen, leaving only the original photographic image. This is to prevent the third observer from recognizing the password input screen and the touch password input position.

When the user authentication method according to the present invention is applied to unlocking the user terminal, the generated image touch password is stored in the user terminal as authentication information, and when the user attempts to authenticate the user, the authentication process is performed using the stored authentication information. If successful, the user terminal will be unlocked.

On the other hand, the user authentication method according to the present invention is a system consisting of a user terminal for setting and entering an image touch password and an authentication server for receiving and storing authentication information from the user terminal and processing the authentication attempt of the user (for example, mobile banking) , A system for authentication of mobile payment and authentication of an internet user), when the user inputs an image touch password, the corresponding N-digit password is transmitted to the authentication server.

In this embodiment, the user terminal does not need to store information and password for the user, but the authentication server preferably stores the password with the information for the user. This embodiment may be applied to an authentication server supporting only existing password authentication without supporting image touch password.

According to this embodiment, when receiving a password in an attempt to authenticate the user later, the user terminal selects a password input screen and uses an image touch input method of touching a point of interest, and when the user inputs an image touch password, Only the corresponding N-digit password will be sent to the authentication server to request authentication. The server receives the N-digit password and processes the authentication.

In this case, as a means for communicating with the user authentication system and inputting a password through a network, a digital door lock of the front door capable of wired and wireless communication physically separated from the user authentication system, an ATM and a network connected to the network It can be applied to user authentication of automated devices such as financial automation devices, kiosks, and civil documents issuing machines.

As a variation of this embodiment, the user terminal and the authentication server may be configured to store the information and the password for the user, respectively. When receiving a password when the user attempts to authenticate, use the image touch input method of selecting a password input screen on the user terminal and touching the point of interest.When the user enters the image touch password, the user terminal first inputs the correct password. After determining, the password may be transmitted to the authentication server only when the correct input is made. At this time, the information and password for the user can be delivered together.

Since the information and password for the user that is passed to the authentication server match the information already stored in the authentication server, the authentication is treated as a success. This modification can also be applied to an authentication server that supports only existing password authentication without supporting image touch passwords.

However, in another embodiment in which the authentication server supports the image touch password, when the user sets the image touch password through the user terminal, information about the image used as the password input screen, the password and coordinates of points of interest corresponding to the password And image touch password information including all the order information will be transmitted to the authentication server.

In this embodiment, when the user attempts to authenticate later, when the user selects the password input screen on the user terminal and touches the point of interest, and inputs the password through the image touch input method, the user terminal receives the coordinate information and the order of the point of interest touched by the user. Will be sent to the authentication server. If the authentication server determines that the user has touched the points of interest assigned to each digit of the password in the correct order with reference to the image touch password information of the corresponding user, the authentication server performs authentication success processing.

3 to 8 are diagrams for describing various embodiments of a user interface for setting an image touch password.

3 illustrates an example of setting an image touch password by touching a specific part of an image after a user sets a password.

Referring to FIG. 3, the left eye 31 and the right ear of the bear image in order to set a point of interest that is an input position corresponding to each digit of the password “2 4 0 9” in the bear character selected as the password input screen by the user. (32), the right forefoot 33, the point of interest corresponding to the navel 34 in order to touch. When the point designation for each digit of the password is completed, the image including the identification information of the corresponding image, the password "2 4 0 9", the location information and the order information of the four points of interest 31, 32, 33, and 34. The touch password will be generated and stored.

The point of interest set in each digit of the password becomes a password input position when a user attempts to authenticate later. That is, when the image touch password is generated as shown in the example of FIG. 3, if the user later touches four points of interest 31, 32, 33, and 34 in the image, the password “2 4 0 9” is correctly input. Seen as one.

As another example of setting an image touch password, a password may be repeatedly assigned to one point of interest. For example, if you set the password "2 4 0 9" and then touch the left eye of the bear character twice in a row, the first password "2" and the second password "4", two passwords are one point of interest Will be set. If you touch the right ear twice in succession, the third and fourth passwords "0" and "9" are set on the bear character's ears. In other words, the user only touches two points of interest, the eyes and ears of the bear character when entering the password, but the four digits "2 4" and "0 9" are entered.

As another example, a three-digit password "2 4 0" may be set by touching the left eye of the bear character three times in succession, and a password of the remaining one digit ("9") may be set in the right ear. Even in the case of a six-digit pin number, if you set multiple passwords to two or three short passwords as the user intended, the long password can be shortened and used.

This can be a way to prioritize user convenience with shortened passwords that allow users to use shortened and shorter passwords due to surrounding exposure and hacking, and also prevents password entry errors that occur more frequently as they get longer. have.

At this time, the short and simple short password used may be vulnerable to hacking due to exposure or spying on the input, but can be effectively prevented by using a random touch together. From a user's point of view, user authentication can be done quickly and conveniently with just two simple touch inputs in a secure location, while in an insecure place, users can use both random and random touches several times before and after two actual touch passwords. Ambient exposure can be prevented.

In the current password system, even if the user feels insecure, there is no method or device that can be used to defend or avoid it. Therefore, the user's anxiety increases because the user has no choice but to suppress the input screen of the terminal or suppress the use of the password.

However, by using a random touch and a short password together, the user can use the short or long time by adding or subtracting the number of touches of the password according to the surrounding environment.

In this case, the number of random touches used may be one or more than N, but in consideration of random guess attacks, it is preferable to limit the use of eight or less.

4 illustrates an example of setting an image touch password by providing a password setting icon corresponding to each digit of a password according to an embodiment of the present invention.

In this embodiment, when an N-digit password is input by the user, N setting icons indicating each digit of the input password are generated in a predetermined area on the image, and the user desires the N setting icons on the image. If you move to a point, each point of interest corresponds to each digit of the password in the order of movement.

Referring to FIG. 4, when the user browses the images as shown in (a) and selects the image 40 that the user wants to set as the password input screen, the keyboard 41 which is a user interface for inputting a password as shown in (b) is displayed. Is provided. In addition, when the user enters the password through the keyboard 41, a password setting icon 42 is generated according to the number of digits of the password and displayed on one side of the screen.

In this example, since the user inputs the four-digit password "2 4 0 9" on the keyboard 41, four password setting icons 42 displaying '2', '4', '0', and '9' are displayed. It is created at the bottom, and additionally, it can be seen that a completion icon 43 for storing a user's input is also provided.

As shown in (c) of FIG. 4, the user moves each setting icon 42 to predetermined positions 45-1, 45-2, 45-3, and 45-4 on the image to be used as an input position. After the completion icon 43 is touched, an image touch password corresponding to the user's input is generated and stored, and the user interfaces displayed on the image 40 as shown in (d) will be removed from the screen.

An input method such as touch or drag may be used to move the password setting icon 42. In the case of the touch input method, when the user touches the positions 45-1, 45-2, 45-3, and 45-4 of the image 40, '2', '4', and '0' in the order of touching. The setting icons corresponding to '9' will move in sequence. In the case of the drag input method, the position where the user drags and drops each setting icon 42 will be a point of interest corresponding to the password of the corresponding place.

The image touch password generated in this example will include information about the image 40, password "2 4 0 9" and information about points of interest corresponding to each digit of the password.

On the other hand, if the area you want to designate as a point of interest is small or concentrated in one area, and the setting icon is not raised well, you can enlarge the image, move it up, down, left, and right to trim the image, and then specify the point of interest at the desired position. There will be.

FIG. 5 illustrates an example of providing, on an image, a password setting icon more than the number of password digits set by a user according to an embodiment of the present invention.

Referring to FIG. 5, a user sets a four-digit password "2 4 0 9". As shown in (a), ten interest point candidates are generated, and a circle-shaped password setting icon is disposed at each corresponding point, and (b). As shown in FIG. 6, each digit '2', '4', '0', or '9' of the password is set to the corresponding point of interest in the order selected by the user from among the password setting icons.

For example, when the user touches the setting icon 50 disposed on the right ear of the image for the second time, the second digit '4' of the password is displayed on the corresponding setting icon 50, and the right ear portion of the image is shown at '4'. A point of interest corresponding to

When the user wants to set a password to a point other than the candidate point of interest, the user may drag and drop a setting icon near a desired point to a desired position.

The candidate point of interest may be generated by determining a portion of the image that is easy for the user to identify and easy to remember as the password input position, that is, a meaningful point for the user to select. For example, in the case of an image including a picture or character photographing a person, coordinates that are easy for the user to identify, such as eyes, nose, mouth, hands, feet, and navel, may be set as interest point candidates.

In this case, numbers other than the preset password may be randomly arranged in the candidate points of interest other than the image touch password set as the points of interest. This is to make it difficult to predict the actual password when the input screen is taken away by hacking by placing the other numbers not used in the password together with the preset password at the candidate interest point.

6 illustrates an example of simultaneously inputting a password and assigning a point of interest using a password setting icon set disposed at one side of a password input screen according to an embodiment of the present invention.

In this embodiment, setting icons indicating candidates that can be entered at each position of the password are generated in a predetermined area on the password input screen, and when the user moves N of the setting icons to a point of interest on the password input screen. The N-digit password is determined by referring to the movement order of the setting icons, the moved interest points, and the password candidates displayed by the moved setting icons, and the interest points corresponding to each digit of the password are also determined.

In this case, the shortcut password function can be used by repeatedly arranging one or more setting icons at one point of interest. That is, four passwords can be set one at four points of interest, but two or three points of interest can be set.

Referring to FIG. 6A, a set 60 of password setting icons displaying a password that can be input instead of a keyboard for inputting a password is displayed at the bottom of the password input screen. When the user moves the desired setting icon among the setting icons 60 to a desired position as shown in FIG. 6B, the password and the point of interest are set according to the moving order and the position. After both the password and the point of interest are set, user interfaces for password setting will be removed from the screen as shown in FIG.

FIG. 7 illustrates an example of setting a dummy image in addition to a password input screen according to an embodiment of the present invention. One or more dummy images may be set before and after the image set as the password input screen according to a user input.

The dummy image refers to an image without an image touch password setting among images that can be browsed on the authentication attempt screen, and is intended to disguise others not to notice the image set as the actual password input screen. The lock screen of the device is provided with the image (s) set as the dummy image as well as the image selected as the password input screen, and as a result, the album function may be additionally provided.

Referring to FIG. 7, a user selects a desired image 72 among images stored in a device as a password input screen, sets a password and a corresponding point of interest, and selects a plurality of other images 71, 73, 74, 75) was set as the dummy image.

When the user touches a specific location on the dummy image on the lock screen of the device, the same vibration or sound effect as the password input screen may be output to prevent others from distinguishing from the actual password input screen.

8 illustrates an example of setting a password and using a random touch through an input window according to an embodiment of the present invention.

Referring to FIG. 8, as a user interface for inputting an image touch password, an input keypad 82 for inputting a password and a password input window 81 showing a password input through the input keypad 82 are provided. .

In addition, if a desired point on the image 80 is touched by the number of password digits after inputting the password, the password of each digit is set at the point of interest generated at the touch point in the order of the touch, and as shown in FIG. A password setting icon with each digit will be displayed at each point of interest.

Meanwhile, random touch may be used before or after inputting an image touch password. Whether to use random touch may be set according to a user input or may be set as a default. Information on whether the random touch is used will be stored in the authentication information storage unit 13.

When the random touch is set to be used, the authentication attempt will be determined to be successful even if the user further touches any point before or after touching the point of interest corresponding to each digit of the password set in the image touch password. In this case, the random touch may be any number as desired by the user and may touch an arbitrary position.

In FIG. 8, the points of interest that are actually set as the image touch password are points of interest 83 marked with '2', '4', '0, and' 9 ', and the points 84 marked with' x 'are examples of random touch points. Indicates.

FIG. 9 is a flowchart illustrating a user authentication method of processing a user authentication attempt by inputting an image touch password according to an embodiment of the present invention, and FIGS. 10 to 13 are various embodiments of a user interface for inputting an image touch password. It is a figure for demonstrating an example.

In step S90, the preset image touch password information is acquired when the user attempts to authenticate. The information on the image touch password set by the user may include information about an image to be used as a password input screen, an N-digit password, and information about an interest point corresponding to each digit of the password.

In step S91, it is determined whether the image selected by the user is a preset password input screen.

If the image selected by the user is not the password input screen, the flow proceeds to step S95, where it is determined that the user authentication has failed and the processing is performed accordingly. Processing for the authentication failure may be to maintain the locked state of the terminal or to maintain the image browsing mode as it is.

If the image selected by the user fits the password input screen, the flow advances to step S92 to receive the user's touch input. In order to determine whether the received touch input corresponds to a preset password, the position and order of points touched by the user on the password input screen are obtained.

In step S93, it is determined whether the position and order of the points touched by the user are points of interest corresponding to each digit of the password set in the image touch password and are touched in the digit order of the password.

If the preset points of interest are correctly touched and the order of the touches is also in the order of the preset password, the flow advances to step S94 to determine that the authentication attempt is successful and to process accordingly. For example, a process of releasing the locked state of the terminal or allowing the login can be performed.

If the preset points of interest have not been touched correctly or the order of the touches is different from the preset password, the process proceeds to step S95, where it is determined that the authentication attempt has failed and the processing is performed accordingly.

10 is a view for explaining an example of releasing a lock of a terminal by inputting an image touch password according to an embodiment of the present invention.

Referring to FIG. 10, points of interest in the order of the nose 101, the right eye 102, the lips 103, and the jaw 104 of the image 100 correspond to each digit of the password “2 4 0 9”. When the user touches these points of interest in sequence as shown in (a), the terminal is unlocked and ready to use as shown in (b).

In other words, if the points of interest 101, 102, 103, 104 are entered in order, the password “2 4 0 9” is inputted, and the authentication is successful. Since the password is not exposed to the outside, others watch the input scene. I can't tell what the password is.

Since the general password input screen has a similar shape from the password input button to the password input window, the other person can immediately recognize the password input scene. However, the image touch password according to the present invention can be used to determine whether to view a picture even if the other user sees the input scene. You can't tell if you're typing, and there's no special markings like numbers or letters at the password entry location, so you can fully protect your password from exposure. Even if you notice that the password is entered, you cannot find out the actual password because there are no numbers or letters displayed on the screen.

FIG. 11 is a diagram for describing a process of processing an authentication attempt of a user when a random touch is set according to an embodiment of the present invention.

Random touch is a word meaning 'random', which means to disguise the point of interest of a real password when a user touches a specific area on an image and inputs a password. Meaningless touch input.

Referring to FIG. 11, an image including a bear character is set as a password input screen, and the left eye 111, the right ear 112, the right hand 113, and the navel 114 correspond to the four-digit password. As soon as the point of interest is set. The points 115 to 118 denoted by 'X' are examples of random touch points that the user arbitrarily touches, not predetermined points of interest.

If it is set to use random touch, the user additionally touches random points 115 to 118 before or after sequentially touching points of interest 111 to 114 corresponding to each digit of the password set in the image touch password. Even if the authentication attempt is successful.

As another example, although not shown, when displaying a password input screen for user authentication as shown in FIG. 11, when the size of the bear character (image) is enlarged, reduced or moved up, down, left and right and displayed on the screen In addition, since the location coordinate value of the preset point of interest corresponding to the password is changed, it is possible to effectively block keylogging to find out the password using the user's touch position. At this time, the arrangement position of the image is changed randomly according to the number of times or time of use.

12 illustrates an example in which an image touch password is used in a smart watch according to an embodiment of the present invention.

Referring to FIG. 12, if the user's authentication is successful by touching three points of interest in a preset password order in the character image used as the password input screen, the smart watch will be unlocked.

When a character image is used in a wearable device such as a smart watch or an IoT (Internet of Things) application product, the user interface design is more scalable, which enhances product design or interior effect, and utilizes a lock screen displayed when the device first enters. It can also be used for advertising and promotion.

It is difficult to use the key buttons of more than 10 passwords because of the small display space on the device with a small display screen due to the small display screen.However, when using the image touch password according to the present invention, only the number of passwords used is touched or swiped. By pinging, you can overcome these external limitations and increase security with ease of use.

FIG. 13 is a view for explaining an example of using a quick sliding pass when inputting an image touch password according to an embodiment of the present invention.

As described above, when the image touch password is input, each point of interest setting point may be touched, but as shown in FIG. 13, swipe through the order of the point of interest setting icon to quickly touch the setting point to authenticate the user. You may.

In the present invention, a method of inputting an image touch password by inputting a pattern in a swipe operation is called a quick sliding path. The quick sliding pass may be useful when a password with a large number of digits is set in the password input screen, or when the input position is separated from each other or the input screen is small.

In the case of using the quick sliding path, as shown in FIG. 13A, if the interest points set as the image touch passwords are included in the trajectory touched by the user's swipe input, the authentication will be determined to be successful.

On the other hand, when swiping for user authentication, the existing pattern password is always located at the same location, so when replacing the password, discard the familiar pattern and make a new pattern. However, the character image used as the password input screen is used. If you change it to another, the position of the touch points such as eyes, nose, mouth, hands, and feet changes, so the shape of the pattern naturally changes, so even if you use the old password or image touch password without making a new pattern on purpose, The advantage is that the password is replaced anew.

According to this embodiment, the user can easily change the password and naturally induce the pattern change by providing a new character image. In this case, the existing image touch password may be automatically set to the new character by using the interest point setting information of the newly changed character image, or may be manually reset by the user. If the password input screen is changed to another character image, the image touch password will be changed by modifying a point of interest corresponding to each digit of the password while maintaining the password included in the existing image touch password.

In addition, the existing pattern password is displayed on the screen at all times, so that others can easily follow the pattern input scene when the pattern input scene is exposed to the surroundings. In addition, since the elements or locations of points of interest that make the pattern are different for each user, others cannot follow the user.

14 illustrates an example of a user interface for confirming and changing an image touch password according to an embodiment of the present invention.

According to an embodiment of the present invention, a user interface for checking an image touch password location in case a user does not remember a preset image touch password is provided.

Before showing the location of the image touch password, it is necessary to confirm whether the user is, and when setting the image touch password, it is possible to designate a specific position 140 of the password input screen for identity verification.

If the user who has forgotten the image touch password touches a specific position 140 for identity authentication of the image set as the password input screen for a predetermined number of times (for example, five times) or touches it for a predetermined time, As illustrated, a preset password setting icon may be displayed on the points of interest set as the image touch password to store the image touch password set by the user.

As such, when the interest point assigned to the preset password is notified, the password is not displayed on the password setting icon displayed on the point of interest as shown in FIG. 14A, and the setting icon is random on other points in addition to the preset password setting icon. Placed and shown together. The user may immediately find the password setting icon and the point of interest of the point of interest set among the password setting icons through the screen of FIG. 14 (a), but the other person may not know which is the actual icon. . If the user correctly inputs the image touch password on the screen of FIG. 14 (a), the password may be displayed on the corresponding setting icon and provided as shown in (b).

FIG. 15 illustrates an example of generating a one time password OTP according to an embodiment of the present invention.

When the present invention is applied to the generation of the one-time password, if the user touches the points of interest set as the image touch password in order, the user authentication system will generate the password value by randomly changing it according to time or number of times. Specifically, when a one-time password for the user is requested from the authentication server, the N-digit one-time password generated by randomly matching the password value to the points touched by the user is transmitted to the authentication server.

Referring to FIG. 15, a password is set to "2 4 0 9" and a password setting icon represented by 'A', 'B', 'C', or 'D' indicates a point of interest selected by a user when setting an image touch password. . That is, when the password is input, the user may touch the points of interest in the order of nose, right eye, mouth and chin. The user authentication system randomly generates a one-time password by changing the matching of the touch point and number each time the user enters the image touch password. As shown in FIG. 15, when the user first inputs the password after setting the image touch password, the user generates “6 3 8 5” as the one time password, but may generate “4 8 3 1” the next time the password is input. The one-time password generated is sent to the authentication server. Accordingly, the user only touches the points of interest set as the image touch password in the same order, but the password transmitted to the server may be a randomly generated password each time.

Method according to an embodiment of the present invention is implemented in the form of program instructions that can be executed by various computer means may be recorded on a computer readable medium. The computer readable medium may include program instructions, data files, data structures, etc. alone or in combination. Program instructions recorded on the media may be those specially designed and constructed for the purposes of the present invention, or they may be of the kind well-known and available to those having skill in the computer software arts. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tape, optical media such as CD-ROMs, DVDs, and magnetic disks, such as floppy disks. Hardware devices specially configured to store and execute optical instructions and program instructions such as ROM, RAM, flash memory and the like. Examples of program instructions include not only machine code generated by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like.

Although the embodiments of the present invention have been described in detail above, the scope of the present invention is not limited thereto, and various modifications and improvements of those skilled in the art using the basic concepts of the present invention defined in the following claims are also provided. It belongs to the scope of rights.

Claims (12)

In the user authentication method for setting the image touch password in the user terminal,
Receiving an image to be used as a password input screen from a user;
Receiving an N-digit password from the user;
Corresponding each digit of the password to N points of interest on the image according to the user input;
And generating an image touch password for the user by combining the image selected as the password input screen, the password, and information about the location and order of points of interest corresponding to each digit of the password.
And corresponding each digit of the password to N points of interest on the image according to the user input, wherein each digit password is assigned to the N points of interest. The method of claim 1,
The point of interest corresponding step,
And when the user touches a predetermined position on the image after inputting the N-digit password, corresponding to each digit of the password according to the touch order. The method of claim 1,
The point of interest corresponding step,
When the N-digit password is input by the user, generating N setting icons indicating each digit of the input password in a predetermined area on the image;
And when the user moves the N setting icons to a desired point of interest on the image, mapping each point of interest and each digit of the password according to a moving sequence. The method of claim 1,
When setting icons indicating candidates that can be entered at each position of the password are generated in a predetermined area on the image, and the user moves N of the setting icons to a point of interest of the image, movement of the setting icons And determining a N-digit password and determining a point of interest corresponding to each digit of the determined password by referring to the password candidate displayed by the order, the moved point of interest, and the moved setting icons. The method of claim 1,
Receiving from the user whether to use a random touch that can be touched before or after the N points of interest corresponding to the N-digit password;
And storing whether the input random touch is used. The method of claim 1,
And transmitting the N-digit password among the generated image touch passwords to an authentication server. A computer program recorded on a computer-readable recording medium for executing a user authentication method for setting the image touch password of any one of claims 1 to 6. A user authentication method for processing an authentication attempt of a user using an image touch password,
Acquiring preset image touch password information including a password input screen, an N-digit password, and information on a point of interest corresponding to each digit of the password when the user attempts to authenticate;
Determining whether the image selected by the user is a password input screen set in the image touch password;
If the selected image is not a password input screen, determining that user authentication has failed;
Acquiring a position and order of points touched by the user on the selected image when the selected image is a password input screen;
Determining whether the authentication attempt is successful by determining whether the location and order of the points touched by the user are points of interest corresponding to each digit of the password set in the image touch password and are touched in the digit order of the password; Including;
The information on the points of interest corresponding to each digit of the password is generated by a process of mapping each digit of the password to N points of interest of the selected image according to a user's input. . The method of claim 8,
If it is set to use random touch, it is determined that the authentication attempt is successful even if the user further touches any point before or after touching the point of interest corresponding to each digit of the password set in the image touch password. A user authentication method characterized by the above-mentioned. The method of claim 8,
When the one-time password for the user is requested from the authentication server, transmitting the N-digit one-time password generated by randomly matching the password value to the points touched by the user to the authentication server; A user authentication method characterized by the above-mentioned. A computer program recorded on a computer-readable recording medium for executing a user authentication method for processing an authentication attempt of a user using the image touch password of any one of claims 8 to 10. An input unit for receiving a user input;
A storage unit for storing one or more images and an image touch password set by the user;
An image touch password for the user by combining information about an image selected as a password input screen by the user among the images stored in the storage unit, an N-digit password, and points of interest on the image corresponding to each digit of the password. When the image set as the password input screen is selected when the authentication information generation unit and the authentication request for generating and storing the storage unit in the storage unit are selected, the position and order of the points touched by the user on the selected image are set in the image touch password. And a controller including an authentication processing unit for determining whether the authentication attempt is successful by determining whether the point of interest corresponds to each digit of the password and whether the password is touched in the digit order of the password.
The information about the points of interest on the image corresponding to each digit of the password is generated by a process of assigning a password of each digit to N points of interest according to the user's input. User authentication system using.

Images