Recently, as the Internet or the like is spread widely, web sites operated by membership increase, and use of electronic payment or online based banking services also increase rapidly.
Usually, a general membership based website is operated in a method of performing user authentication by confirming the ID and the password of a user who desires to log into the website after collecting IDs and passwords of members.
In addition, the electronic payment or the online based banking service issues a certain certificate to a terminal of a user and when the user desires to use the electronic payment or the online based banking service, it receives a password, of the certificate from the user and performs authentication on the user.
In such an existing user authentication method, the user's password can be easily exposed by a third person in that the method is operated based on a password configured of only a character string including numerals, alphabet letters and the like. In order to prevent exposure of the password, a complicated password is used recently by combining letters, symbols, numerals, special characters and the like.
Although the conventional security techniques require to set a password as complicated as possible in order to enhance safety of the password, users have a burden of remembering the complicated password as the password is getting more complicated. Contrarily, if a user uses a simple password to easily remember the password, there is a problem in that the security is difficult to maintain. That is, utilization and safety of a password have a kind of trade-off relation with each other.
Various methods are proposed to improve the problem. For example, a method called as a Rhythmic Password has been proposed, and in this method, a password is set by adding a rhythm between numerals when the numerals of the password configured of four digits are input, and the rhythms, as well as each of the numerals, should be matched to unlock the password.
As another example, there is a technique referred to as Timepass, and it has a characteristic of using a pattern of time difference to identify a password by putting a time difference between numerals in inputting a four-digit number.
Although the techniques described above insist that passwords are easy to remember and very safe and the burden of a user for remembering the password can be lessened to some extent compared with a password of a high order digit, possibility of the password to be illegally used by a third person still exists.
Meanwhile, techniques replacing a password with biometric information of a human being, such as a pattern of a finger print, an iris, a voice or a vein, are commercialized instead of using an existing password method, and although these biometric password techniques do not have the burden of remembering a password and are less likely to be illegally used, a biometric device should be included in a terminal or the like, and thus the cost increases according thereto, and the possibility of generating a problem such as personal information leakage or the like is high.
Accordingly, it needs to present a password generation technique which can minimize exposure of a user's password.