USER AUTHENTICATION METHOD AND USER AUTHENTICATION DEVICE

Information

  • Patent Application
  • 20070288999
  • Publication Number
    20070288999
  • Date Filed
    May 09, 2007
  • Date Published
    December 13, 2007
Abstract
The invention provides a user-authentication method whereby user-authentication is enabled with reference to application software having no function for user-authentication, and a history of accesses can be recorded, and a user-authentication device for carrying out the same. An authentication means executes user-authentication on the basis of pre-defined authentication information at the time of log-in against application software. A log-off recognition means monitors an application state of the application software, and recognizes completion of the application software as log-off. A recording means records the log-in, and the log-off, in association with the user of the application software. If failure in user-authentication occurs, a log-in inhibition means inhibits log-in thereafter.
Description

BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 is a block diagram showing a makeup of an embodiment of a user-authentication device according to the invention;



FIG. 2 is a flow chart showing a procedure of operation for log-in and log-off, in connection with application software; and



FIG. 3 is a flow chart showing a procedure of operation for timer interruption processing at a fixed cycle.





PREFERRED EMBODIMENTS OF THE INVENTION

An embodiment of a user-authentication device according to the invention is described hereinafter with reference to FIGS. 1 to 3.


As shown in FIG. 1, the user-authentication device according to the present embodiment of the invention comprises an authentication means 11 for executing user-authentication on the basis of pre-defined authentication information at the time of log-in against application software, a log-off recognition means 12 for monitoring an application state of the application software, and recognizing completion of the application software as log-off, a recording means 13 for recording the log-in, and the log-off, in association with a user of application software, and a log-in inhibition means 14 wherein if failure in user-authentication occurs a predetermined number of times in succession, log-in thereafter is inhibited. The authentication means 11, the log-off recognition means 12, the recording means 13, and the log-in inhibition means 14 are made up by a computer that functions according to an authentication program 10 mounted therein, independent from the application software.


A log file showing the authentication information for use in authentication, and accesses to application software is stored in the computer. Further, the computer controls log-in inhibition information for controlling log-in against application software.


Now, operation by the user-authentication device according to the present embodiment is described hereinafter.


A user activates the authentication program 10 instead of activating application software, and specifies application software as desired. Once activated, the authentication program 10 requests the user to perform the authentication manipulation.



FIGS. 2, and 3 each are a flow chart showing a procedure of the operation by the user-authentication device according to the present embodiment.


In FIG. 2, steps S1 to S21 show the procedure of the operation for log-in and log-off, in connection with application software.


In the step S1 of FIG. 2, the operation determines on the basis of the log-in inhibition information whether or not log-in by a user corresponding to relevant application software is inhibited, and if determination is affirmative, the operation proceeds to the step S2 while proceeding to the step S4 if determination is negative. As described later in this description, if a password inputted by a user is incorrect a predetermined number of times in succession, log-in is inhibited.


In the step S2, the operation executes error display to the effect that log-in is inhibited, and resets a timer in the step S3 before reverting to the step S1. As described later in this description, the timer is for controlling log-in inhibition/log-in release.


Meanwhile, in the step S4, the operation reads a user ID inputted through manipulation by the user.


Next, in the step S5, the operation reads the password inputted through manipulation by the user.


Next, in the step S6, the operation makes access to the authentication information to determine whether or not the user ID as inputted has been cataloged. User IDs in association with passwords, respectively, have been cataloged in the authentication information. If determination in the step S7 is affirmative, the operation proceeds to the step S9 while proceeding to the step S8 if the determination is negative.


In the step S8, the operation executes error display to the effect that the user ID is not cataloged, thereby reverting to the step S1.


Meanwhile, in the step S9, the operation makes access to the authentication information to collate a password associated with the user ID as inputted with the password inputted. In the case of matching between those passwords as a result of collation, the operation proceeds to the step S17 while proceeding to the step S11 in the case of mismatching.


In the step S11, the operation executes error display to the effect that the password is incorrect.


Next, in the step S12, the number of counts by a revoke-counter is increased by one increment. The number of counts by the revoke-counter indicates the number of times that an incorrect password is inputted in succession.


Then, in the step S13, the operation keeps a record to the effect that it has failed in authentication. The content of the record includes the user ID and time.


Next, in step S14, the operation determines whether or not the number of counts by the revoke-counter has reached the predetermined number of times, and if determination is affirmative, the operation proceeds to the step S15 while reverting to the step S1 if determination is negative. Herein, the predetermined number of times refers to the number of times that the incorrect password is inputted in succession, which is set as a condition for inhibiting log-in.


Next, in step S16, the operation resets the timer, and reverts to the step S1. As described later in this description, the timer has a function of controlling time from the log-in inhibition until the log-in release. With the elapse of predetermined time, the log-in inhibition is released.


Meanwhile, in the step S17, the log-in against the application software is recorded on the log file. The content of the record includes the user ID and time.


Next, in the step S18, the operation activates the relevant application software.


Then, in the step S19, the operation monitors an execution state of the application software. Next, in the step S20, the operation determines whether or not the execution of the application software has been completed, and if determination is affirmative, the operation proceeds to the step S21 while continuing monitoring in the step S19 if determination is negative.


In the step S21, the operation resets the revoke-counter while keeping a record of the log-off from the relevant application software in the log file, thereby completing processing. The content of the record includes the user ID and time.


In FIG. 3, steps S31 to S34 show a procedure of operation for timer interruption processing at a fixed cycle.


In the step S31 of FIG. 3, the operation advances the timer by an increment for predetermined time only. By so doing, the timer is advanced by the increment at a fixed rate.


Next, in the step S32, the operation determines whether or not the timer has reached a time-up time. The time-up time is pre-set to correspond to the time from the log-in inhibition until the log-in release (the predetermined time as above).


If determination in the step S32 is affirmative, the operation proceeds to the step S33, and if the determination is negative, processing is completed.


In the step S33, the operation releases inhibition of the log-in by the user corresponding to the relevant application software.


Next, in the step S34, the operation resets the revoke-counter, thereby completing processing.


The steps for user-authentication (the steps from S4 to S10) correspond to the function of the authentication means 11, the steps for monitoring the application state of the application software (the steps from S19 to S20) correspond to the function of the log-off recognition means 12, the steps for recording the log-in, and the log-off, in association with the user (the steps S17, S21, and so forth), correspond to the function of the recording means 13, and the steps for inhibiting the log-in (the steps S1 to S3, S14 to S16, S31 to S34 and so forth) correspond to the function of the log-in inhibition means 14, respectively.
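
The flow of FIGS. 2 and 3, sketched in Python as an added example; it is not code from the patent application. The class name AuthWrapper, the values MAX_FAILURES and LOCKOUT_SECONDS, the in-memory log, and the in-clear credential table are assumptions, and step S15, which the description does not spell out, is assumed to set the log-in inhibition. The fixed-cycle timer interruption of FIG. 3 is replaced here by an elapsed-time check on each attempt.

```python
import hmac
import subprocess
import time

MAX_FAILURES = 3         # assumed "predetermined number of times"
LOCKOUT_SECONDS = 60.0   # assumed "time-up time" until log-in release

class AuthWrapper:
    """Hypothetical stand-in for authentication program 10."""

    def __init__(self, credentials, clock=time.monotonic):
        self.credentials = credentials  # user ID -> password, in clear only to mirror the text
        self.clock = clock              # injectable so the timer can be tested
        self.failures = 0               # revoke-counter
        self.locked_at = None           # log-in inhibition information plus timer start
        self.log = []                   # stands in for the log file

    def _record(self, event, user_id):
        self.log.append((event, user_id, self.clock()))

    def _inhibited(self):
        if self.locked_at is None:                      # S1: not inhibited
            return False
        if self.clock() - self.locked_at >= LOCKOUT_SECONDS:
            self.locked_at, self.failures = None, 0     # S33, S34: release and reset
            return False
        self.locked_at = self.clock()                   # S3: an attempt while locked resets the timer
        return True

    def login(self, user_id, password, argv):
        if self._inhibited():
            return "inhibited"                          # S2
        stored = self.credentials.get(user_id)          # S6, S7
        if stored is None:
            return "unknown-user"                       # S8
        if not hmac.compare_digest(stored.encode(), password.encode()):  # S9, S10
            self.failures += 1                          # S12
            self._record("auth-failure", user_id)       # S13
            if self.failures >= MAX_FAILURES:           # S14
                self.locked_at = self.clock()           # S15 (assumed), S16
            return "bad-password"                       # S11
        self._record("log-in", user_id)                 # S17
        proc = subprocess.Popen(argv)                   # S18: activate the application
        proc.wait()                                     # S19, S20: completion counts as log-off
        self.failures = 0                               # S21
        self._record("log-off", user_id)
        return "completed"
```

Because step S3 resets the timer on every attempt made while log-in is inhibited, repeated attempts during the lock keep extending it; the release only happens after a full quiet period.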


As described in the foregoing, with the user-authentication device according to the present embodiment of the invention, even in the case where a system makes use of the application software having no function for the user-authentication, the user-authentication can be executed according to the authentication program 10. Accordingly, it is possible to effectively prevent an ill-intentioned user from making improper use of application software. Further, since recording on the log file is executed according to the authentication program 10, it becomes possible to leave the history of accesses made to the application software on record. Thus, thanks to the authentication program 10, it becomes possible to provide a function for protecting, for example, application software without an authentication interface.


Further, the authentication program may have a function for single sign on.


In the case where two units of application software AP1, AP2 are mounted, for example, as shown in FIG. 1, log-in against the two units of the application software AP1, AP2 may be authorized if a user specifies the two units of the application software AP1, AP2 to thereby execute authentication operation (inputting of a user ID and a password).


Furthermore, the user-authentication device according to the present embodiment can also be made up such that if the authentication operation is accepted, and log-in against the application software AP1 is authorized, log-on against the application software AP2 is automatically implemented.


It is to be pointed out that the invention is not limited in scope to the embodiment described hereinbefore, and that the invention is widely applicable to a user-authentication method for executing user-authentication on a user of application software, and a user-authentication device for carrying out the same.

Claims
  • 1. A user-authentication method for executing user-authentication on a user of application software, said method comprising: a first step for executing user-authentication on the basis of pre-defined authentication information at the time of log-in against application software; a second step for monitoring an application state of the application software, and recognizing completion of the application software as log-off, and a third step for recording the log-in, and the log-off, in association with the user of the application software; wherein the first step, the second step, and the third step are executed according to a program independent from the application software.
  • 2. The user-authentication method according to claim 1, wherein the authentication information is collated with information inputted by the user in the first step.
  • 3. The user-authentication method according to claim 1 or 2, further comprising a step whereby if failure in user-authentication occurs in the first step, log-in thereafter is inhibited.
  • 4. A user-authentication device for executing user-authentication on a user of application software, said device comprising: an authentication means for executing user-authentication on the basis of pre-defined authentication information at the time of log-in against application software; a log-off recognition means for monitoring an application state of the application software, and recognizing completion of the application software as log-off; and a recording means for recording the log-in, and the log-off, in association with the user of the application software; wherein the authentication means, the log-off recognition means, and the recording means are made up by a computer that functions according to a program independent from the application software.
  • 5. The user-authentication device according to claim 4, wherein the authentication means collates authentication information with information inputted by the user.
  • 6. The user-authentication device according to claim 4 or 5, further comprising a log-in inhibition means wherein if failure in user-authentication occurs, log-in thereafter is inhibited.
Priority Claims (1)
Number Date Country Kind
2006-163480 Jun 2006 JP national