In a conventional information system, an authentication method is often used in which a user and the system share specific secret information, such as a password, and the user's correct entry of that secret information is regarded as proof of an access right.
Some such methods are characterized by the use of images. For example, there is a method in which a single predetermined image is arranged together with a plurality of random images (see Japanese Patent Laid-Open No. 2003-228553). In this method, authentication succeeds when the user correctly selects the predetermined image.
There is also a method in which the random images and the predetermined image are not arranged in a matrix but are combined into a collage (see Japanese Patent Laid-Open No. 2010-55602). In this method, authentication succeeds when the user correctly selects a fragment of the predetermined image.
Moreover, in a method in which screens each containing a plurality of random images are presented in sequence and the user selects the predetermined image from the images on each screen, a screen that does not contain the predetermined image may also be presented (see Japanese Patent Laid-Open No. 2004-157675). In this case, the user indicates that no image is to be selected on a screen that contains no image to be selected, and authentication is performed on that basis. There is also a method of performing authentication by the user indicating predetermined coordinates within an image in a predetermined order (see Wiedenbeck, Waters, Birget, Brodskiy, and Memon, "PassPoints: design and longitudinal evaluation of a graphical password system", International Journal of Human-Computer Studies, Special issue: HCI research in privacy and security is critical now, Volume 63, Issues 1-2, July 2005, retrieved 11 Apr. 2012 from <http://clam.rutgers.edu/~birget/grPssw/susan1.pdf>). Furthermore, there is a method of performing authentication by the user tracing a predetermined locus within an image.
Among these techniques, however, the methods that authenticate by selection of a predetermined image have the following problem. A third party who knows personal information about the user can infer from that information which image the user will select. If, for example, the image to be selected is a photograph of a relative of the user, a third party may know that relative, and authentication may then succeed with high probability. An attack in which a third party authenticates in this way is called an educated-guess attack.
Furthermore, these techniques require the predetermined image to be displayed on one of the screens in every authentication session. By observing several sessions, a third party can therefore single out the one image that appears every time, and so identify the image to be selected. An attack in which a third party authenticates in this way is called an intersection attack.
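The intersection attack described above can be demonstrated with a small simulation. The following Python is an added example and is not code from the patent or from any of the cited schemes; the image pool of 200 images, the secret image `img042`, the layout of three screens of nine images per session, and all function names are constructed here for illustration.

```python
import random

# Constructed image pool and secret for the simulation (not from the patent).
POOL = [f"img{i:03d}" for i in range(200)]
SECRET = "img042"


def make_session(rng, secret, pool, screens=3, per_screen=9):
    """Simulate one authentication session of the conventional scheme.

    Each of `screens` screens shows `per_screen` images drawn from `pool`;
    exactly one screen also contains `secret`, as the schemes discussed in
    the text require. Returns the set of images an observer saw displayed,
    regardless of what the user clicked.
    """
    decoys = [img for img in pool if img != secret]
    target_screen = rng.randrange(screens)
    observed = set()
    for s in range(screens):
        if s == target_screen:
            screen = set(rng.sample(decoys, per_screen - 1)) | {secret}
        else:
            screen = set(rng.sample(decoys, per_screen))
        observed |= screen
    return observed


def intersection_attack(observed_sessions):
    """Intersect the image sets observed across sessions.

    The secret image is in every set, so it is always in the result; decoys
    are re-drawn each session and drop out as more sessions are observed.
    """
    candidates = None
    for observed in observed_sessions:
        candidates = set(observed) if candidates is None else candidates & observed
    return candidates if candidates is not None else set()


def run_attack(secret=SECRET, pool=POOL, seed=1, max_sessions=50, **layout):
    """Observe sessions one at a time until only one candidate image remains.

    Returns (sessions_observed, candidate_set).
    """
    rng = random.Random(seed)
    candidates = set(pool)
    for n in range(1, max_sessions + 1):
        candidates &= make_session(rng, secret, pool, **layout)
        if len(candidates) == 1:
            return n, candidates
    return max_sessions, candidates


def expected_surviving_decoys(pool_size, shown_per_session, sessions):
    """Upper-bound estimate of decoys still consistent after `sessions` sessions.

    Each session shows at most `shown_per_session - 1` distinct decoys out of
    `pool_size - 1`, so a given decoy survives one session with probability
    at most (shown_per_session - 1) / (pool_size - 1).
    """
    decoys = pool_size - 1
    survive = (shown_per_session - 1) / decoys
    return decoys * survive ** sessions


if __name__ == "__main__":
    n, found = run_attack()
    print(f"secret identified after {n} observed sessions: {found}")
    for k in range(1, 6):
        print(k, "sessions ->", round(expected_surviving_decoys(len(POOL), 27, k), 3))
```

Two points follow from the simulation. First, the attacker never needs to see which image the user selects; recording what the system displays is enough, because the image that must be present in every session is the secret. Second, the candidate set shrinks geometrically (each session keeps a decoy with probability of roughly 26/199 in this layout), so a handful of observed logins suffices; presenting an occasional screen without the target, as in the variant above, does not help while the image is still guaranteed to appear somewhere in the session.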
As described above, an authentication system adopting the conventional technique is vulnerable to the educated-guess attack or intersection attack.
From a different viewpoint, the conventional techniques have another problem. Among them, the methods in which the user authenticates by sequentially selecting specific coordinates or by tracing a specific locus have the following problem. In these techniques, the coordinates and the locus are themselves the secret information, and they may easily be stolen when a third party surreptitiously observes the user's input or wiretaps the communication path.
The present invention solves at least one of the above-described problems.