1. Field of the Invention
The present invention relates generally to a user authentication method, and in particular, to a user authentication method using a password.
2. Description of the Related Art
In general, user authentication (authentification) to confirm a user is conducted when usage approval needs to be granted to the user who is permitted to use an on-line service, a locking device, or a security device. To confirm the user's identification with absolute certainty, anything that only the user is aware of or owns, or the user's physical characteristics or personal habits could be used. The most basic and general one among those is a password composed of characters that are known to the user only. The characters here include letters, numbers, symbols, signs etc.
In case of using those kinds of passwords for user authentication, it is necessary to make a very advanced password in order to reinforce the security thereof. To this end, encipherment algorithm method requiring a very complex mathematical operation has been widely used. Especially when a higher security policy is requested, a much more advanced mathematical operation or a combination using probability calculation was used.
Naturally, the conventional encipherment system, which is based on a complicated mathematical algorithm, required high costs, much time and fast processing. However, in a case where the high security policy is not requested but only a simple encipherment procedure is, because the case does not need an advanced password, the requirements aforementioned could be wasting overhead.
On the other hand, the problem of the authentication using a password is that, if, in any case, a user's password is exposed to another person, say, another person peeked at it while the user is inputting the password, or by some other reasons, the authentication using the exposed password worked anyway regardless of the user's identity. It is also true that most of users pick up very simple passwords that are easy to remember and use the same password in many other cases as well. Therefore, the password exposure itself can cause a personal information drain and further very serious social problems. Unfortunately though, when some people use very long-digit passwords in trying to make it difficult for other people to remember their passwords in case the passwords are exposed, they often end up forgetting their own passwords. Moreover, there are occasions that users are required to change their passwords after a certain period of time for sake of security. But still the users often lose their passwords because they were not careful enough to remember their new passwords, or many times they get confused. Then, the authentication refusals generated in such cases were solved through a separate procedure.