1. Field of the Present Invention
The present invention relates to authentication information processing techniques, and particularly to a technique for preventing breaking of authentication information for devices and software that require entry of authentication information.
2. Description of the Related Art
In general, when using a smart card that contains a built-in microprocessor for storing information, or an IC card that is capable of storing information (hereinafter, smart cards and IC cards are generically referred to as cards), a user is required to enter identification information of the user called a PIN (Personal Identification Number) in order to prevent unauthorized use by strangers.
Similarly, various kinds of devices, such as computers, or various kinds of software used in computers (Web pages, various kinds of applications, etc.), too, require entry of authentication information, such as passwords or ID numbers, in order to prevent unauthorized use by strangers.
The various kinds of devices and software accept incorrectly-entry of authentication information for a predetermined number of times in consideration of user's entry error. When incorrectly-entry of authentication information is executed into those devices or software over the predetermined number of times, the processing is executed that using of those devices or software become disabled thereafter.
However, even though such authentication information processing techniques for those devices and software set and use various forms of authentication information, there still remains the possibility that the authentication information may be broken criminally or the authentication information may be broken accidentally.
For example, when an authentication information processing techniques permits to input an unlimited number of times, it is at high risk of breaking the authentication information by malicious strangers. On the other hand, in an authentication information processing techniques, the problem is that mere entry error make the device or software impossible to use when the number of permitted re-entries is setting.
A technique for protecting passwords, a kind of authentication information, from being broken through such wrong entries or unauthorized use is known, which determines a level of error in which case a wrong password is entered and permits re-entry of the password (e.g., refer to Patent Document 1 “JP 11-259425 A”) according to the error level is disclosed. Further, a technique for clearly distinguishing simple keystroke error and wrong entry (see Patent Document 2 “JP 9-212723 A”, for example) is disclosed.
However, the technique of Patent Document 1 previously fixes the number of permitted re-entries, and when a password is determined to be totally different, then re-entry is not permitted and the power is cut off.
Also, concerning the technique of Patent Document 1, it is recently common that a user has a plurality of passwords according to use of devices and plurality of software requiring a password. We can well imagine that a user forget passwords careless according to the number of having passwords. Also, if a user is novice at operating the keyboard, it is more likely that the user enter a wrong password even when remembering the correct password.
From these viewpoints, it is very inconvenient for users that the various kinds of devices or software do not permit users to re-enter authentication information, such as passwords and become unavailable.