System, method and program for off-line user authentication
Abstract
Disclosed is an off-line user authentication system, which is designed to present a presentation pattern to a user subject to authentication, and apply a one-time-password derivation rule serving as a password to certain pattern elements included in the presentation pattern at specific positions so as to create a one-time password. An off-line authentication client pre-stores a plurality of pattern element sequences each adapted to form a presentation pattern, and a plurality of verification codes created by applying a one-time-password derivation rule to the respective presentation patterns and subjecting the obtained results to a one-way function algorithm. A presentation pattern is created using one selected from the stored pattern element sequences, and presented to a user. A one-time password entered from the user is verified based on a corresponding verification code to perform user authentication. The present invention provides an off-line matrix authentication scheme with enhanced security.
24 Claims
1. An off-line user authentication system designed to arrange a plurality of pattern elements in a given pattern format so as to create a presentation pattern to be presented to a user subject to authentication, and apply a one-time-password derivation rule serving as an off-line password of said user to certain ones of the pattern elements included in said presentation pattern at specific positions so as to create a one-time password, said off-line user authentication system comprising:
an off-line authentication support server for managing respective user IDs and passwords of users of the system; and
an off-line authentication client serving as a terminal for authenticating the users in an off-line state of being not network-connected while being connectable to said off-line authentication support server via a network, said off-line authentication client includes;
user-ID input means for allowing each of the users to enter his/her user ID therefrom; and
user-ID transmission means for transmitting said entered user ID to said off-line authentication support server via the network, wherein said off-line authentication support server includes;
a password storage section pre-storing respective user IDs and one-time-password derivation rules of the users in associated relation with each other on a user-by-user basis;
pattern generation means for generating, in accordance with a given generation rule, a plurality of pattern element sequences each consisting of a set of pattern elements for forming a presentation pattern;
user-ID receiving means for receiving the user ID of the user subject to authentication, from said off-line authentication client via the network;
verification-code creation means for applying the one-time-password derivation rule associated with said received user ID to the respective sets of pattern elements included in the presentation patterns formed from the plurality of pattern element sequences generated by said pattern generation means, and subjecting the respective obtained results to a one-way function algorithm to create a plurality of verification codes;
pattern transmission means for transmitting said plurality of generated pattern element sequences to the off-line authentication client of said user subject to authentication via the network; and
verification-code transmission means for transmitting said plurality of generated verification codes to the off-line authentication client of said user subject to authentication via the network, said off-line authentication client further includes;
pattern receiving means for receiving said plurality of pattern element sequences transmitted from said off-line authentication support server, via the network;
pattern storage section for storing said plurality of received pattern element sequences;
verification-code receiving means for receiving said plurality of verification codes transmitted from said off-line authentication support server, via the network;
verification-code storage section for storing said plurality of received verification codes;
pattern selection means for selecting one of the plurality of pattern element sequences stored in said pattern storage section, to allow said selected pattern element sequence to be used in authenticating said user;
verification-code determination means for determining one of said plurality of verification-codes which corresponds to said selected pattern element sequence;
pattern display means for arranging the pattern elements included in said selected pattern element sequence, in said given pattern format, to create a presentation pattern, and displaying said created presentation pattern on a screen;
one-time-password input means for allowing said user to enter therefrom a one-time password created as a result of applying said one-time-password derivation rule to the pattern elements included in said displayed presentation pattern; and
user authentication means for comparing a result of subjecting said entered one-time password to said one-way function algorithm with said determined verification code, and successfully authenticating said user off-line if they are identical to one another.
Dependent claims: 2, 3, 4, 11, 12, 13, 14, 15
5. An off-line user authentication system designed to arrange a plurality of pattern elements in a given pattern format so as to create a presentation pattern to be presented to a user subject to authentication, and apply a one-time-password derivation rule serving as an off-line password of said user to certain ones of the pattern elements included in said presentation pattern at specific positions so as to create a one-time password, said off-line user authentication system comprising:
an off-line authentication support server for managing respective user IDs and passwords of users of the system; and
an off-line authentication client serving as a terminal for authenticating the users in an off-line state of being not network-connected while being connectable to said off-line authentication support server via a network, said off-line authentication client includes;
user-ID input means for allowing each of the users to enter his/her user ID therefrom; and
user-ID transmission means for transmitting said entered user ID to said off-line authentication support server via the network, wherein said off-line authentication support server includes;
a password storage section pre-storing respective user IDs and one-time-password derivation rules of the users in associated relation with each other on a user-by-user basis;
pattern-seed-value generation means for generating, in accordance with a given generation rule, a plurality of pattern seed values each adapted to be combined with one of the user IDs so as to allow a presentation pattern to be uniquely determined;
user-ID receiving means for receiving the user ID of the user subject to authentication, from said off-line authentication client via the network;
verification-code creation means for applying the one-time-password derivation rule associated with said received user ID to respective sets of pattern elements included in a plurality of presentation patterns formed from a plurality of pattern element sequences which are created based on said received user ID and said plurality of generated pattern seed values and in accordance with a given pattern-element-sequence creation rule, and subjecting the respective obtained results to a one-way function algorithm to create a plurality of verification codes;
pattern-seed-value transmission means for transmitting said plurality of generated pattern seed values to the off-line authentication client of said user subject to authentication via the network; and
verification-code transmission means for transmitting said plurality of generated verification codes to the off-line authentication client of said user subject to authentication via the network, said off-line authentication client further includes;
pattern-seed-value receiving means for receiving said plurality of pattern seed values transmitted from said off-line authentication support server, via the network;
pattern-seed-value storage section for storing said plurality of received pattern seed values;
verification-code receiving means for receiving said plurality of verification codes transmitted from said off-line authentication support server, via the network;
verification-code storage section for storing said plurality of received verification codes;
pattern-seed-value selection means for selecting one of the plurality of pattern seed values stored in said pattern-seed-value storage section, to allow said selected pattern seed value to be used in authenticating said user;
verification-code determination means for determining one of said plurality of verification codes which corresponds to said selected pattern seed value;
pattern-element-sequence creation means for creating a pattern element sequence based on said entered user ID and said selected pattern seed value and in accordance with said given pattern-element-sequence creation rule;
pattern display means for arranging the pattern elements included in said created pattern element sequence, in said given pattern format, to create a presentation pattern, and displaying said created presentation pattern on a screen;
one-time-password input means for allowing said user to enter therefrom a one-time password created as a result of applying said one-time-password derivation rule to the pattern elements included in said displayed presentation pattern; and
user authentication means for comparing a result of subjecting said entered one-time password to said one-way function algorithm with said determined verification code, and successfully authenticating said user off-line if they are identical to one another.
Dependent claims: 6, 7, 8, 9, 10
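The provisioning and off-line verification flow of claims 1 and 5, as an added Python example (not code from the patent or its assignee). Assumptions: a 4x4 grid of digits as the pattern format, a derivation rule modelled as an ordered tuple of grid positions, SHA-256 as the one-way function, a hash-based sequence creation rule for the seed variant, and discarding an entry after a successful login; all function and class names are hypothetical.

```python
import hashlib
import hmac
import secrets

ROWS, COLS = 4, 4            # assumed pattern format: a 4x4 grid of digits
N = ROWS * COLS

def apply_rule(sequence, rule):
    """One-time-password derivation rule, modelled as grid positions read in order."""
    return "".join(sequence[p] for p in rule)

def verification_code(otp):
    """One-way function over the OTP (SHA-256 is an assumption; the claims name none)."""
    return hashlib.sha256(otp.encode()).hexdigest()

def derive_sequence(user_id, seed):
    """Claim 5: a sequence uniquely determined by user ID + seed (hypothetical rule)."""
    digits, counter = [], 0
    while len(digits) < N:
        block = hashlib.sha256(f"{user_id}|{seed}|{counter}".encode()).digest()
        # Bytes 250..255 are dropped so that b % 10 is uniform over 0..9.
        digits.extend(str(b % 10) for b in block if b < 250)
        counter += 1
    return "".join(digits[:N])

def server_provision_patterns(rule, count):
    """Claim 1, server side: full sequences plus one verification code per sequence."""
    seqs = ["".join(secrets.choice("0123456789") for _ in range(N)) for _ in range(count)]
    codes = [verification_code(apply_rule(s, rule)) for s in seqs]
    return seqs, codes       # the derivation rule itself is never sent to the client

def server_provision_seeds(user_id, rule, count):
    """Claim 5, server side: only seeds are sent; the client rebuilds each sequence."""
    seeds = [secrets.token_hex(8) for _ in range(count)]
    codes = [verification_code(apply_rule(derive_sequence(user_id, s), rule)) for s in seeds]
    return seeds, codes

class OfflineClient:
    """Holds (sequence-or-seed, verification code) pairs and authenticates off-line."""

    def __init__(self, user_id, items, codes, seeded):
        if len(items) != len(codes):
            raise ValueError("each stored pattern or seed needs exactly one verification code")
        self.user_id = user_id
        self.store = list(zip(items, codes))
        self.seeded = seeded
        self._idx = None

    def present(self):
        """Select one stored entry and return the presentation pattern as grid rows."""
        if not self.store:
            raise RuntimeError("no stored entries left; reconnect to the support server")
        self._idx = secrets.randbelow(len(self.store))
        item, _ = self.store[self._idx]
        seq = derive_sequence(self.user_id, item) if self.seeded else item
        return [seq[r * COLS:(r + 1) * COLS] for r in range(ROWS)]

    def authenticate(self, otp):
        """Hash the entered OTP and compare it with the code for the selected entry."""
        if self._idx is None:
            raise RuntimeError("present() must be called before authenticate()")
        _, code = self.store[self._idx]
        ok = hmac.compare_digest(verification_code(otp), code)  # constant-time compare
        if ok:
            # Assumption (not in the claims): an entry is discarded once it has been used.
            del self.store[self._idx]
            self._idx = None
        return ok

def read_otp(grid, rule):
    """What the user does mentally: read the digits at the memorised positions."""
    return apply_rule("".join(grid), rule)

if __name__ == "__main__":
    rule = (0, 5, 10, 15)    # constructed sample rule: the main diagonal of the grid
    seqs, codes = server_provision_patterns(rule, 5)
    client = OfflineClient("alice", seqs, codes, seeded=False)
    grid = client.present()
    print("\n".join(grid))
    print("authenticated:", client.authenticate(read_otp(grid, rule)))
```

The claims leave the one-way function unspecified; because the one-time password is short, a fast unsalted hash as assumed here offers little protection if the client's stored verification codes are copied, so a deployment would want a slow, salted function and protected storage.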
16. An off-line user authentication method for use in an off-line user authentication system designed to arrange a plurality of pattern elements in a given pattern format so as to create a presentation pattern to be presented to a user subject to authentication, and apply a one-time-password derivation rule serving as an off-line password of said user to certain ones of the pattern elements included in said presentation pattern at specific positions so as to create a one-time password, said off-line user authentication system including an off-line authentication support server for managing respective user IDs and passwords of users of the system, and an off-line authentication client for authenticating the users in an off-line state of being not network-connected while being connectable to said off-line authentication support server via a network, said off-line user authentication method comprising the steps of:
pre-storing respective user IDs and one-time-password derivation rules of the users in said off-line authentication support server in associated relation with each other on a user-by-user basis;
allowing the user subject to authentication to enter his/her user ID into said off-line authentication client;
transmitting said entered user ID from said off-line authentication client to said off-line authentication support server via the network, receiving said user ID transmitted from said off-line authentication client, at said off-line authentication support server via the network;
allowing said off-line authentication support server to generate, in accordance with a given generation rule, a plurality of pattern element sequences each consisting of a set of pattern elements for forming a presentation pattern;
allowing said off-line authentication support server to apply the one-time-password derivation rule associated with said received user ID to the respective sets of pattern elements included in the presentation patterns formed from the plurality of generated pattern element sequences, and subject the respective obtained results to a one-way function algorithm so as to create a plurality of verification codes;
transmitting said plurality of generated pattern element sequences from said off-line authentication support server to the off-line authentication client of said user subject to authentication, via the network;
verification-code transmission means for transmitting said plurality of generated verification codes from said off-line authentication support server to the off-line authentication client of said user subject to authentication, via the network;
receiving said plurality of pattern element sequences transmitted from said off-line authentication support server, at said off-line authentication client via the network;
storing said plurality of received pattern element sequences in said off-line authentication client;
receiving said plurality of verification codes transmitted from said off-line authentication support server, at said off-line authentication client via the network;
storing said plurality of received verification codes in said off-line authentication client;
allowing said off-line authentication client to select one of the plurality of stored pattern element sequences so as to allow said selected pattern element sequence to be used in authenticating said user;
allowing said off-line authentication client to determine one of said plurality of verification codes which corresponds to said selected pattern element sequence;
allowing said off-line authentication client to arrange the pattern elements included in said selected pattern element sequence, in said given pattern format so as to create a presentation pattern, and display said created presentation pattern on a screen;
allowing said user to enter into said off-line authentication client a one-time password created as a result of applying said one-time-password derivation rule to the pattern elements included in said displayed presentation pattern; and
allowing said off-line authentication client to compare a result of subjecting said entered one-time password to said one-way function algorithm with said determined verification code, and successfully authenticate said user off-line if they are identical to one another.
17. An off-line user authentication method for use in an off-line user authentication system designed to arrange a plurality of pattern elements in a given pattern format so as to create a presentation pattern to be presented to a user subject to authentication, and apply a one-time-password derivation rule serving as an off-line password of said user to certain ones of the pattern elements included in said presentation pattern at specific positions so as to create a one-time password, said off-line user authentication system including an off-line authentication support server for managing respective user IDs and passwords of users of the system, and an off-line authentication client for authenticating the users in an off-line state of being not network-connected while being connectable to said off-line authentication support server via a network, said off-line user authentication method comprising the steps of:
pre-storing respective user IDs and one-time-password derivation rules of the users in said off-line authentication support server in associated relation with each other on a user-by-user basis;
allowing the user subject to authentication to enter his/her user ID into said off-line authentication client;
transmitting said entered user ID from said off-line authentication client to said off-line authentication support server via the network, allowing said off-line authentication support server to generate, in accordance with a given generation rule, a plurality of pattern seed values each adapted to be combined with one of the user IDs so as to allow a presentation pattern to be uniquely determined;
receiving said user ID transmitted from said off-line authentication client, at said off-line authentication support server via the network;
allowing said off-line authentication support server to apply the one-time-password derivation rule associated with said received user ID to respective sets of pattern elements included in a plurality of presentation patterns formed from a plurality of pattern element sequences which are created based on said received user ID and said plurality of generated pattern seed values and in accordance with a given pattern-element-sequence creation rule, and subject the respective obtained results to a one-way function algorithm so as to create a plurality of verification codes;
transmitting said plurality of generated pattern seed values from said off-line authentication support server to the off-line authentication client of said user subject to authentication, via the network;
transmitting said plurality of generated verification codes from said off-line authentication support server to the off-line authentication client of said user subject to authentication, via the network;
receiving said plurality of pattern seed values transmitted from said off-line authentication support server, at said off-line authentication client via the network;
storing said plurality of received pattern seed values in said off-line authentication client;
receiving said plurality of verification codes transmitted from said off-line authentication support server, at said off-line authentication client via the network;
storing said plurality of received verification codes in said off-line authentication client;
allowing said off-line authentication client to select one of the plurality of stored pattern seed values so as to allow said selected pattern seed value to be used in authenticating said user;
allowing said off-line authentication client to determine one of said plurality of verification codes which corresponds to said selected pattern seed value;
allowing said off-line authentication client to create a pattern element sequence based on said entered user ID and said selected pattern seed value and in accordance with said given pattern-element-sequence creation rule;
allowing said off-line authentication client to arrange the pattern elements included in said created pattern element sequence, in said given pattern format so as to create a presentation pattern, and display said created presentation pattern on a screen;
allowing said user to enter into said off-line authentication client a one-time password created as a result of applying said one-time-password derivation rule to the pattern elements included in said displayed presentation pattern; and
allowing said off-line authentication client to compare a result of subjecting said entered one-time password to said one-way function algorithm with said determined verification code, and successfully authenticate said user off-line if they are identical to one another.
18. An off-line authentication client serving as a terminal for authenticating a user subject to authentication, off-line, in an off-line user authentication system designed to arrange a plurality of pattern elements in a given pattern format so as to create a presentation pattern to be presented to said user, and apply a one-time-password derivation rule serving as an off-line password of said user to certain ones of the pattern elements included in said presentation pattern at specific positions so as to create a one-time password, said off-line authentication client comprising:
pattern input means for pre-receiving a plurality of pattern element sequences pre-generated in accordance with a given generation rule, each of said pattern element sequences consisting of a set of pattern elements for forming a presentation pattern;
pattern storage section for pre-storing said plurality of pre-received pattern element sequences;
verification-code input means for pre-receiving a plurality of verification codes pre-created by applying the one-time-password derivation rule serving as a password associated with the user subject to authentication to the respective sets of pattern elements included in the presentation patterns formed from said plurality of pre-received pattern element sequences, and subjecting the respective obtained results to a one-way function algorithm;
verification-code storage section for pre-storing said plurality of pre-received verification codes;
user-ID input means for allowing the user subject to authentication to enter his/her user ID therefrom;
pattern selection means for selecting one of the plurality of pattern element sequences pre-stored in said pattern storage section, to allow said selected pattern element sequence to be used in authenticating said user;
verification-code determination means for determining one of said plurality of verification-codes which corresponds to said selected pattern element sequence;
pattern display means for arranging the pattern elements included in said selected pattern element sequence, in said given pattern format, to create a presentation pattern, and displaying said created presentation pattern on a screen;
one-time-password input means for allowing said user subject to authentication to enter therefrom a one-time password created as a result of applying said one-time-password derivation rule to the pattern elements included in said displayed presentation pattern; and
user authentication means for comparing a result of subjecting said entered one-time password to said one-way function algorithm with said determined verification code, and successfully authenticating said user off-line if they are identical to one another.
19. An off-line authentication client serving as a terminal for authenticating a user subject to authentication, off-line, in an off-line user authentication system designed to arrange a plurality of pattern elements in a given pattern format so as to create a presentation pattern to be presented to said user, and apply a one-time-password derivation rule serving as an off-line password of said user to certain ones of the pattern elements included in said presentation pattern at specific positions so as to create a one-time password, said off-line authentication client comprising:
pattern-seed-value input means for pre-receiving therethrough a plurality of pattern seed values pre-generated in accordance with a given generation rule and each adapted to be combined with a user ID of said user so as to allow a presentation pattern to be uniquely determined;
pattern-seed-value storage section for pre-storing said plurality of pre-received pattern seed values;
verification-code input means for pre-receiving a plurality of verification codes pre-created by applying the one-time-password derivation rule serving as a password associated with said user subject to authentication to respective sets of pattern elements included in a plurality of presentation patterns formed from a plurality of pattern element sequences which are created based on said user ID of the user subject to authentication and said plurality of pre-generated pattern seed values and in accordance with a given pattern-element-sequence creation rule, and subjecting the respective obtained results to a one-way function algorithm;
verification-code storage section for pre-storing said plurality of pre-received verification codes;
user-ID input means for allowing the user subject to authentication to enter his/her user ID therefrom;
pattern-seed-value selection means for selecting one of the plurality of pattern seed values pre-stored in said pattern-seed-value storage section, to allow said selected pattern seed value to be used in authenticating said user;
verification-code determination means for determining one of said plurality of verification-codes which corresponds to said selected pattern element sequence;
pattern-element-sequence creation means for creating a pattern element sequence based on said entered user ID and said selected pattern seed value and in accordance with said given pattern-element-sequence creation rule;
pattern display means for arranging the pattern elements included in said created pattern element sequence, in said given pattern format, to create a presentation pattern, and displaying said created presentation pattern on a screen;
one-time-password input means for allowing said user to enter therefrom a one-time password created as a result of applying said one-time-password derivation rule to the pattern elements included in said displayed presentation pattern; and
user authentication means for comparing a result of subjecting said entered one-time password to said one-way function algorithm with said determined verification code, and successfully authenticating said user off-line if they are identical to one another.
20. An off-line authentication method for use in an off-line authentication client serving as a terminal for authenticating a user subject to authentication, off-line, in an off-line user authentication system designed to arrange a plurality of pattern elements in a given pattern format so as to create a presentation pattern to be presented to said user, and apply a one-time-password derivation rule serving as an off-line password of said user to certain ones of the pattern elements included in said presentation pattern at specific positions so as to create a one-time password, said off-line authentication method comprising the steps of:
pre-receiving a plurality of pattern element sequences pre-generated in accordance with a given generation rule, each of said pattern element sequences consisting of a set of pattern elements for forming a presentation pattern;
pre-storing said plurality of pre-received pattern element sequences;
pre-receiving a plurality of verification codes pre-created by applying the one-time-password derivation rule serving as a password associated with the user subject to authentication to the respective sets of pattern elements included in the presentation patterns formed from said plurality of pre-received pattern element sequences, and subjecting the respective obtained results to a one-way function algorithm;
pre-storing said plurality of pre-received verification codes;
allowing the user subject to authentication to enter his/her user ID;
selecting one of the plurality of pre-stored pattern element sequences to allow said selected pattern element sequence to be used in authenticating said user;
determining one of said plurality of verification-codes which corresponds to said selected pattern element sequence;
arranging the pattern elements included in said selected pattern element sequence, in said given pattern format, to create a presentation pattern, and displaying said created presentation pattern on a screen;
allowing said user subject to authentication to enter a one-time password created as a result of applying said one-time-password derivation rule to the pattern elements included in said displayed presentation pattern; and
comparing a result of subjecting said entered one-time password to said one-way function algorithm with said determined verification code, and successfully authenticating said user off-line if they are identical to one another.
21. An off-line authentication method for use in an off-line authentication client serving as a terminal for authenticating a user subject to authentication, off-line, in an off-line user authentication system designed to arrange a plurality of pattern elements in a given pattern format so as to create a presentation pattern to be presented to said user, and apply a one-time-password derivation rule serving as an off-line password of said user to certain ones of the pattern elements included in said presentation pattern at specific positions so as to create a one-time password, said off-line authentication client comprising:
pre-receiving a plurality of pattern seed values pre-generated in accordance with a given generation rule and each adapted to be combined with a user ID of said user so as to allow a presentation pattern to be uniquely determined;
pre-storing said plurality of pre-received pattern seed values;
pre-receiving a plurality of verification codes pre-created by applying the one-time-password derivation rule serving as a password associated with said user subject to authentication to respective sets of pattern elements included in a plurality of presentation patterns formed from a plurality of pattern element sequences which are created based on said user ID of the user subject to authentication and said plurality of pre-generated pattern seed values and in accordance with a given pattern-element-sequence creation rule, and subjecting the respective obtained results to a one-way function algorithm;
pre-storing said plurality of pre-received verification codes;
allowing the user subject to authentication to enter his/her user ID;
selecting one of the plurality of pre-stored pattern seed values to allow said selected pattern seed value to be used in authenticating said user;
determining one of said plurality of verification-codes which corresponds to said selected pattern element sequence;
creating a pattern element sequence based on said entered user ID and said selected pattern seed value and in accordance with said given pattern-element-sequence creation rule;
arranging the pattern elements included in said created pattern element sequence, in said given pattern format, to create a presentation pattern, and displaying said created presentation pattern on a screen;
allowing said user to enter a one-time password created as a result of applying said one-time-password derivation rule to the pattern elements included in said displayed presentation pattern; and
comparing a result of subjecting said entered one-time password to said one-way function algorithm with said determined verification code, and successfully authenticating said user off-line if they are identical to one another.
22. An off-line authentication program for allowing an off-line computer in an off-line user authentication system to execute an off-line authentication method, said off-line user authentication system being designed to arrange a plurality of pattern elements in a given pattern format so as to create a presentation pattern to be presented to a user subject to authentication, and apply a one-time-password derivation rule serving as an off-line password of said user to certain ones of the pattern elements included in said presentation pattern at specific positions so as to create a one-time password, said off-line authentication method comprising the steps of:
pre-receiving a plurality of pattern element sequences pre-generated in accordance with a given generation rule, each of said pattern element sequences consisting of a set of pattern elements for forming a presentation pattern;
pre-storing said plurality of pre-received pattern element sequences;
pre-receiving a plurality of verification codes pre-created by applying the one-time-password derivation rule serving as a password associated with the user subject to authentication to the respective sets of pattern elements included in the presentation patterns formed from said plurality of pre-received pattern element sequences, and subjecting the respective obtained results to a one-way function algorithm;
pre-storing said plurality of pre-received verification codes;
allowing the user subject to authentication to enter his/her user ID;
selecting one of the plurality of pre-stored pattern element sequences to allow said selected pattern element sequence to be used in authenticating said user;
determining one of said plurality of verification-codes which corresponds to said selected pattern element sequence;
arranging the pattern elements included in said selected pattern element sequence, in said given pattern format, to create a presentation pattern, and displaying said created presentation pattern on a screen;
allowing said user subject to authentication to enter a one-time password created as a result of applying said one-time-password derivation rule to the pattern elements included in said displayed presentation pattern; and
comparing a result of subjecting said entered one-time password to said one-way function algorithm with said determined verification code, and successfully authenticating said user off-line if they are identical to one another.
23. An off-line authentication program for allowing an off-line computer in an off-line user authentication system to execute an off-line authentication method, said off-line user authentication system being designed to arrange a plurality of pattern elements in a given pattern format so as to create a presentation pattern to be presented to said user, and apply a one-time-password derivation rule serving as an off-line password of said user to certain ones of the pattern elements included in said presentation pattern at specific positions so as to create a one-time password, said off-line authentication client comprising:
pre-receiving a plurality of pattern seed values pre-generated in accordance with a given generation rule and each adapted to be combined with a user ID of said user so as to allow a presentation pattern to be uniquely determined;
pre-storing said plurality of pre-received pattern seed values;
pre-receiving a plurality of verification codes pre-created by applying the one-time-password derivation rule serving as a password associated with said user subject to authentication to respective sets of pattern elements included in a plurality of presentation patterns formed from a plurality of pattern element sequences which are created based on said user ID of the user subject to authentication and said plurality of pre-generated pattern seed values and in accordance with a given pattern-element-sequence creation rule, and subjecting the respective obtained results to a one-way function algorithm;
pre-storing said plurality of pre-received verification codes;
allowing the user subject to authentication to enter his/her user ID;
selecting one of the plurality of pre-stored pattern seed values to allow said selected pattern seed value to be used in authenticating said user;
determining one of said plurality of verification-codes which corresponds to said selected pattern element sequence;
creating a pattern element sequence based on said entered user ID and said selected pattern seed value and in accordance with said given pattern-element-sequence creation rule;
arranging the pattern elements included in said created pattern element sequence, in said given pattern format, to create a presentation pattern, and displaying said created presentation pattern on a screen;
allowing said user to enter a one-time password created as a result of applying said one-time-password derivation rule to the pattern elements included in said displayed presentation pattern; and
comparing a result of subjecting said entered one-time password to said one-way function algorithm with said determined verification code, and successfully authenticating said user off-line if they are identical to one another.
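The off-line flow of claims 21 and 23 (pre-stored pattern seed values and verification codes, pattern rebuilt from user ID and seed, hashed one-time password compared with the stored code), as an added Python example that is not part of the patent. SHA-256 as the one-way function, the HMAC-based pattern-element-sequence creation rule, the 4x4 digit pattern format, the rule expressed as cell positions, the single attempt per pattern, and all function and class names are assumptions.

```python
import hashlib
import hmac
import secrets

GRID_CELLS = 16  # assumption: 4x4 pattern format of single digits

def create_sequence(user_id: str, seed: bytes) -> str:
    # Assumed creation rule: HMAC-SHA256 keyed by the seed over the user ID,
    # each byte reduced to a digit (slightly biased, fine for illustration).
    digest = hmac.new(seed, user_id.encode(), hashlib.sha256).digest()
    return "".join(str(b % 10) for b in digest[:GRID_CELLS])

def apply_rule(sequence: str, rule: list) -> str:
    # Derivation rule (the user's secret): which cells to read, in order.
    return "".join(sequence[i] for i in rule)

def verification_code(otp: str) -> str:
    # One-way function applied to the derived one-time password.
    return hashlib.sha256(otp.encode()).hexdigest()

def server_provision(user_id: str, rule: list, count: int = 5) -> list:
    # Support server, while on-line: the rule itself stays on the server;
    # the client receives only (seed, verification code) pairs.
    table = []
    for _ in range(count):
        seed = secrets.token_bytes(16)
        otp = apply_rule(create_sequence(user_id, seed), rule)
        table.append((seed, verification_code(otp)))
    return table

class OfflineClient:
    def __init__(self, table: list):
        self.table = list(table)   # pre-stored seeds and verification codes
        self.expected = None

    def challenge(self, user_id: str) -> list:
        # Select a stored seed, fix its verification code, rebuild the pattern.
        seed, self.expected = secrets.choice(self.table)
        seq = create_sequence(user_id, seed)
        return [seq[r:r + 4] for r in range(0, GRID_CELLS, 4)]

    def verify(self, entered_otp: str) -> bool:
        if self.expected is None:
            return False
        ok = hmac.compare_digest(verification_code(entered_otp), self.expected)
        self.expected = None       # assumption: one attempt per displayed pattern
        return ok
```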
Specification