JPH11143834A - Lock out method for log-in operation - Google Patents

Abstract

PROBLEM TO BE SOLVED: To firmly lock out an unlawful log-in operation of an unlawful user by making it strong for alteration of important data such as a value of the number of unlawful log-in times or the like. SOLUTION: It is made that inputs of a user ID, identification information, and password are performed on condition that a storage medium such as a floppy disk possessed by a user himself who is going to use a computer is set in a reading/writing device, with regard to an unlawful log-in operation which performs log-in failure time data of the recording medium or an alteration of the important data in the first specific data storage area, it is made to shift to 'semi lock out condition' including a lock out processing, on this semi lock out condition, the more unlawful operations are performed, the longer it is made to take the lock out time of the unlawful log-in operation, while it appears that a normal log-in processing is being performed.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention executes authentication processing of user-specific identification information and a password input by a user who intends to use a computer, and the computer is provided with a predetermined number of incorrect passwords. The present invention relates to a lockout method for a login operation that does not permit use of resources such as data and application programs.

[0002]

2. Description of the Related Art Conventionally, identification information (hereinafter referred to as a user ID) and a password unique to a user are input so that an unauthorized user cannot illegally use resources such as data and application programs held by a computer. The authentication process is performed to determine whether or not the user ID and the password of the regular user registered in advance match. If the user is not registered, it is determined that the login operation is performed by an unauthorized user, and login is not permitted. In some cases, when an unauthorized login operation is performed a predetermined number of times, the computer is transited to a lockout state, and login operations for all users on the computer are prohibited for a predetermined time.

In such a system, usually, a relatively easy-to-understand user ID, such as a user name, is selected as a user ID, and a password, which is known only to each user, is selected as a password.

[0004] A computer (or computer system) configured to prevent such unauthorized use by performing such an authentication process is a method of attacking when an unauthorized user intrudes into the computer.
There is a “brute force attack” in which a user obtains a password and tries a password for the user ID one by one. There are numerous password candidates, but the process of performing a “brute force attack” can be automated by creating a dedicated program, so that thousands or tens of thousands of unauthorized users per second You can try your password. By permitting an unauthorized login operation by trying a large number of passwords in this way, the password will be unlocked someday.

[0005] Therefore, a method is adopted in which the upper limit of the number of times of unauthorized login operation attempts is specified, and if the upper limit is exceeded, the login operation is prohibited for a certain period (lockout). usually,
The login prohibition period (lockout time) is determined by the system administrator according to the security policy of the computer, but is a relatively long time. In some cases, the login cannot be performed again unless the system administrator releases the lockout state. This makes it impossible for an intruder to try many passwords, prevents unauthorized use of the computer by an unauthorized user, and keeps the security of data and the like in the computer.

[0006]

However, in the above-described conventional lockout method, the number of unauthorized logins up to the present must be held somewhere in the computer in order to perform the lockout. If the unauthorized user finds the storage location of the number of unauthorized logins up to the present by some method, and performs a process of deleting or rewriting the value of the number of unauthorized logins before entering the lockout state,
It involves the problem of being able to try to crack the password as many times as possible, eventually finding a legitimate password, and using this password to enable unauthorized login.

An object of the present invention is to withstand tampering of important data such as the value of the number of unauthorized logins, to prolong the time to lock out the unauthorized login operation as the number of unauthorized login operations increases, and to strengthen the unauthorized login operation of an unauthorized user. Another object of the present invention is to provide a lockout method of a log-in operation which can be locked out.

[0008]

In order to achieve the above object, the present invention provides a recording medium for each user having a storage area for the number-of-times-of-login-failures counter and an area for storing the latest login failure time data. A computer to be logged in, a read / write device that performs data read / write operations on the recording medium, and a quasi-lockout state duration after entering a quasi-lockout state that ignores a password input by a user. A first unique data storage area for each user including a storage area for a value of 1, a storage area for non-fixed data such as previous logout time and a fixed data such as a user name, and stored in the latest login failure time data storage area A first storage area for storing the same data as the login failure time data, and the non-fixed data and the fixed data. And a second unique data storage area for each user including a second storage area for storing the same data as the data stored in the storage area. In response to the input of the user identification information by the user after setting the medium in the read / write device in the read / write device, in the computer to be logged in, (a1) the first and the second corresponding to the user by the input user identification information. The data stored in the second unique data storage area is read, the data stored in the recording medium is read, and the login failure time data read from the recording medium and the login failure time read from the second unique data storage area are read. Non-fixed data read from the first and second unique data storage areas is compared with time data. (A2) If the data to be verified does not match, the first value is updated to transit to the semi-lockout state, and the validity of the password input following the user identification information is verified. The first password even if the password is valid.
After ignoring the valid password until after the time determined by the value of, and writing the current time data to the latest login failure time data storage area in the recording medium, outputting a message indicating an invalid password, When the time determined by the first value has elapsed, the first value is returned to a value indicating the normal state, and if the password is an invalid password, the login failure count value in the failure count counter storage area in the recording medium is reset. After the update, if the login failure count value reaches the specified number, the state transits to the lockout state, and after writing the current time data in the latest login failure time data storage area in the recording medium, performs the login operation. The process is prohibited for a predetermined period of time, and the process is executed every time a password is input following the input of the user identification information, and the data in the recording medium or the second unique And inhibits unauthorized login operation by alteration of the data in over data storage area.

In summary, according to the present invention, a user who wants to use a computer inputs a user ID and a password with a recording medium such as a floppy disk or an IC card set in the read / write device in a readable / writable state. Login is permitted to a user who has entered a valid password, and if an unauthorized password has been entered more than a specified number of times, the user is locked out as before, but the login failure time of the recording medium Unauthorized log-in operation that has performed fraud such as falsification of data or important data in the first unique data storage area,
It transitions to the "quasi-lockout state" including lockout processing, and in this semi-lockout state, it seems that normal login processing is being performed at first glance, but in fact, the more unfairly you perform, the more time you lock out unauthorized login operations It is intended to be longer.

Here, the quasi-lockout state is a state to which a transition is made when it is determined that tampering with important data such as login failure time data has been performed. Is input and the password is determined. Even if the input password matches a valid password, the password is excluded. Even if the input password matches a valid password, ignoring it is synonymous with exclusion.

Whether the tampering of important data such as login failure time data or the like has been performed or not is determined by reading the data stored in the first and second unique data storage areas corresponding to the user. Reading the data stored in the recording medium, collating the login failure time data read from the recording medium with the login failure time data read from the second unique data storage area, and comparing the login failure time data read from the second unique data storage area with the first and second unique data storage areas; The determination is made by comparing the read non-fixed data and fixed data. In this case, the data in the first unique data area is
Is stored in an area different from the unique data area, and is preferably stored in an encrypted form.

[0012]

Embodiments of the present invention will be described below in detail with reference to the drawings.

FIG. 1 is a block diagram showing an embodiment of a computer system to which the lockout method of the present invention is applied.
1 comprising a medium reading / writing device 102 attached to
Log in to the computer 101,
When using resources such as data and application programs provided by the user 106, the floppy disk 103 (or the IC card 1) in which data unique to the user 106 is stored.
04) is set in the medium read / write device 102 in a readable / writable state, and a user ID and a password are input from an input device 105 such as a keyboard of the computer 101.

In the floppy disk 103 carried by the user 106, the count value CF of the number of failed login operations is stored.
And an area 1031 for storing the latest login failure time data ft and the like. The computer 101 to be logged in stores first unique data such as a first value CR that determines the duration of the semi-lockout state after entering the semi-lockout state in which the password input by the user is ignored. A storage area 1011 is provided, the first storage area 1012 stores the same data as the login failure time data ft and the like stored in the area 1031 of the floppy disk 103, the non-fixed data RVD such as the previous logout time, and the user. A second unique data storage area 1014 for each user is provided, including a second storage area 1013 for storing fixed data RSD such as a name.

The first and second unique data storage areas 1011 and 1014 can be provided in a registry file if the operating system (OS) of the computer 101 is Windows 95 or Windows NT.
Second unique data storage area 101 in this embodiment
The data of No. 4 is encrypted by a predetermined encryption algorithm, and is protected so that an external user cannot decrypt it.

FIG. 2 is a diagram showing an outline of a log-in operation in this embodiment. In a state where a floppy disk 103 owned by a user who intends to use a computer himself is set in a medium read / write device 102 in a readable / writable state, When the user ID and password are entered (step 201), and the entered password is a valid password (step 202), login is permitted (step 203). (Step 204) The lockout state is set as in the prior art (Step 205). Up to this point, it is the same as the conventional method.

In the present invention, alteration of the log-in failure count CF or the log-in failure time data ft stored in the floppy disk 103 serving as a recording medium or the data RVD of the first unique data storage area 1011 in the computer 101 is performed. In the case of an unauthorized login operation that has performed unauthorized access, this unauthorized login operation is detected (step 2).
06), a transition is made to a “quasi-lockout state” including lockout processing (step 207). In this semi-lockout state, it looks as if normal login processing is being performed at first glance, but in fact, the more fraud is performed, Process to prolong the time to lock out unauthorized login operations.

As described above, the quasi-lockout state is a state to which a transition is made when it is determined that tampering with important data such as the login failure time data ft has been performed. The user is allowed to input a password, and the password is also determined. However, even if the entered password matches a legitimate password, it is excluded,
(1) The first unique data storage area 1011 each time an illegal operation such as falsification of important data such as login failure time data ft is detected, and (2) each time an invalid password is entered a specified number of times in the semi-lockout state. The first value C of
R is set to "+1", and the time required to return from the quasi-lockout state to the normal state is lengthened.

The difference between the operation in the normal state and the operation in the quasi-lockout state will be described with reference to FIG. In FIG. 3, a horizontal arrow 300 is a time axis. Now, the password input regulation number of times until lockout occurs is set to 3 times, and the user
Suppose you enter a password at the timing of. In the normal state, if a correct password is input among the password inputs of (1), login is permitted at that point. If all of the inputs are wrong, lockout is performed. If all of the inputs are wrong, lockout is performed again.

On the other hand, in the quasi-lockout state, login is not permitted even if a correct password is input. In other words, in the normal state, if the correct password is entered at any of the timings of ~, you can log in at that point in time, whereas in the semi-lockout state, login is never permitted, and any password Also, when the input is received three times, the operation of performing lockout is repeated. Therefore, the apparent operation for the user is not different from that in the normal state, but is different in that login is not permitted even if a correct password is input. Then, when tampering such as change or deletion of important data such as login failure time data ft is detected, or whenever lockout occurs during the semi-lockout state, the first unique data storage area Is set to “+1” to prolong the quasi-lockout state.

FIG. 4 shows data 400 (hereinafter collectively referred to as data FD) stored on the floppy disk 103.
Is a diagram showing a data structure of CF, wherein CF 401 is a login failure count value, ft 402 is the latest login failure time, and f-otherwise 403 is other data. The time mentioned here includes year, month, day, hour, minute, and second. The other data 403 is, for example, information on the user and information on login control, such as the position of the user and the time zone during which login is permitted.

The CF 401 increases the value by “1” each time the user fails to log in. Therefore, if the prescribed number of password trials until lockout starts is LT, CF
401 takes a value from “0” to “LT”. "LT"
Is appropriately determined by the system administrator according to the system security policy.

All data of the FD 400 has the same contents recorded in other parts of the system. The recording location may be in the floppy disk 103, but is preferably a file or registry different from the floppy disk 103. In this embodiment, the same content is also recorded in the second storage area 1012 of the computer 101.

To initialize the data FD400, C
F401 is set to 0, ft402 is set to the current time, and other data 403 is reset to respective initial values determined by the system.

FIG. 5 shows the first unique data storage area 101.
1 is a diagram showing a data structure of data (hereinafter, collectively referred to as data RD) 500 stored in the data R.
-Data 502 and 503 other than CR501 of D500
Is specific data such as the last logout time or the last time the registry was updated, or specific data such as a user name, a machine name, or an application name. RVD502 for unspecified data, RSD503 for specified data
If these data and CR are arranged in a predetermined order (for example, the order of CR, RVD and RSD as shown in FIG. 5)
And encrypt it and keep it in the registry. The system determines whether it is in the normal state or the quasi-lockout state by the value of CR501. If the value of CR 501 is “0”, the system is in a normal state, and if the value is a positive number, the system is in a quasi-lockout state.

FIG. 6 is a diagram showing the detailed structure of the RVD 502.
"Last time when the registry was updated" is represented by lt602, and other data rv-otherwise is represented by 603. Initializing the RVD 502 means ot60
1, lt602 at the current time, rv-otherwise
603 is reset to the respective initial values determined by the system. The system updates ot601 to the current time when the user logs out.

FIG. 7 is a diagram showing the detailed structure of the RSD 503, in which “user name” is yn 701 and “machine name” is m.
n 702, “application name” is apn 703, and other data is rs-otherwise 704. To initialize the RSD 503 is to reset each data to each initial value determined by the system.

All data other than the CR 501 of the R-D 500 are recorded in other parts of the system. The recorded location may be on the same registry, but is preferably on a separate file or another registry. In this embodiment, it is recorded in the second unique data storage area 1014.

Initializing the R-D500 means that the CR50
That is, RVD502 and RSD503 are initialized by setting 1 to "0".

When updating or initializing the values of data on the data FD and RD other than the CR 501, the values held in other locations are also changed at the same time.

The two different values of CF401 and CR501 are used to indicate the number of times the user has failed in logging in the CF401, or, in other words, to determine the timing of lockout. The CR501 maintains the quasi-lockout state. Decide the time to do it. CR50
If 1 is "0", the system is in the normal state, but CR
If 501 is a positive number, the system is in a quasi-lockout state, the greater the positive number, the longer the quasi-lockout state.

FIG. 8 is a flowchart showing a method of accessing data FD400. Data FD400
When accessing, first, it is checked whether or not each value of the FD 400 is correct with reference to the data of the same content stored in the second unique data storage area 1014 (step 800). If correct, floppy disk 10
3 is accessed (step 803). If not, after initializing the FD 400 (step 80)
1), the value of CR 501 is increased by "1" (step 80)
2) Access data FD400 (step 8)
03).

FIG. 9 is a flowchart showing a method of accessing the R-D 500.
-D500 is decrypted because it is encrypted and stored (step 900). And RVD502, RSD50
Whether the value of 3 is correct or not is checked by referring to the data of the same content held in another place (the second storage area 1013 unique to the second storage area 1014) (step 901). If at least one is different, RVD
502, after initializing the RSD 503 (step 90)
2) Increase the value of CR501 by "1" (step 90)
3). Then, necessary data on the registry is accessed (step 904). This access CR501
Are updated to the current time (step 905). Then, encrypt and save (step 9
06).

Next, the login process will be described. First, the overall flow will be described with reference to the flowchart of FIG.
First, the computer 101 outputs a login screen (step 1000). The login screen is as shown in FIG. The user inputs a user ID while viewing the login screen 1100 (step 1001). When the user ID is input, the computer 101 refers to the input user ID and refers to the F-
Check D400 and R-D500 (Step 10
02). If there is no problem such as falsification, step 1003
If the data is partially different or has been deleted, it is determined that some tampering has been performed, and the flow proceeds to step 1004. Step 10
03 is shown in FIG. 12, and the details of step 1004 are shown in FIG.
3 will be described.

Step 1003 or Step 100
After completing Step 4, the computer 101 determines the current state of the system (Step 1005). If the status is normal, after the user's password is input (step 1006), the normal password process (step 1006)
8) is performed, and if the user is in the semi-lockout state, the password of the user is input (step 1007), and then the password processing under the semi-lockout state (step 1009)
I do.

FIG. 12 is a flow chart showing the details of step 1003.
2 (the time when the last login failed) and the current time (which is stored in the system and is represented here as ct), and the absolute value is calculated as | ft−ct | ≧ rst (where rst is the administrator Is appropriately determined in accordance with the security policy of the system) (that is, if a sufficiently long time has elapsed since the latest login failure), the CF 40
0 is reset to “0” (1201), and CR50 is further set.
If 1 is positive, the value is reduced by "1" (step 120).
3). If the CR 501 is “1”, the process returns to the normal state from the quasi-lockout state by the processing of step 1203.

Rst is a parameter for controlling the time required for the system to return from the quasi-lockout state to the normal state. The quasi-lockout state lasts for (CR × rst) since the user last failed to log in.

FIG. 13 is a flowchart showing the details of step 1004. First, the data of the FD 400 or RD 500 that has been falsified by the user is restored by initializing the data (step 1300). Then, the value of CR 501 is increased by "1" (step 1301). Step 13
According to 01, when the CR 501 is “0”, the system shifts from the normal state to the quasi-lockout state.

Next, the process of judging the system state in step 1005 of FIG. 10 will be described with reference to the flowchart of FIG.

In FIG. 14, first, the value of CR 501 is checked (step 1400). If CR 501 is “0”, the system determines that the system is in the normal state (step 1401). However, if CR501 is not "0", it means that the vehicle is in the semi-lockout state, and | ft-
The value of ct | is checked (step 1402), and it is checked whether the quasi-lockout state is still continued. | Ft-c
If t | ≧ (CR × rst), the quasi-lockout state is over, so CR 501 is set to “0” (step 1).
403), and sets CF 401 to “0” (step 140).
4), the system determines that it is in the normal state (step 1405).

However, | ft−ct | <(CR × rs
If t), it is determined that the quasi-lockout state is still to be continued.

Next, the "normal password process" of step 1008 will be described with reference to the flowchart of FIG.
In FIG. 15, first, the value of the CF 401 is increased by "1" (step 1500). The password is determined (step 1501). If the password input by the user is correct, the CF 401 is set to “0” (step 1502), and the user is permitted to log in (step 1).
503). However, if the password is incorrect, CF
The value of 401 is checked (step 1504).

If the CF 401 is equal to or more than the LT (login count), the CF 401 is set to "0" (step 15).
05), the state is shifted to the lockout state, and lockout is performed (step 1506). If the CF 401 is less than the LT, a password rejection process is performed (step 150).
7).

The "lockout" process of step 1506 will be described with reference to the flowchart of FIG. FIG.
First, the ft 402 in the floppy disk 103 and the second unique data other storage area 1014 is updated to the current time (step 1600), and a warning is continuously displayed during the LOT (step 1601). The login screen at this time is as shown in FIG. 17, and for example, a warning message “You have been locked out” is displayed. LOT is the time during which lockout lasts and is determined by the system administrator according to the security policy. During lockout, input from all users is not accepted.

When lockout is completed, login screen 1
The warning message 701 is deleted (step 160).
2) The login screen is initialized to accept user input (step 1603). At the end of the lockout, the system proceeds to step 100 in FIG.
0 ends, and the system waits for the user to input a user ID.

Next, the "password rejection work" of step 1507 in FIG. 15 will be described with reference to the flowchart in FIG. In FIG. 18, first, the floppy disk 103 and the second unique data other storage area 1014
Ft402 in the table is updated to the current time (step 180).
0), and outputs a comment or message that the password does not match (step 1801). The login screen at this time is as shown in FIG. 19, and for example, on this screen 1901, a comment "The password you have entered is incorrect" is displayed. When the password rejection work is completed, the system is in a state where step 1000 in FIG. 10 has been completed, and the system is in a state of waiting for the user to input a user ID.

Next, "Password processing under quasi-lockout state" of step 1009 in FIG. 10 will be described with reference to FIG.
This will be described with reference to the flowchart of FIG. In FIG. 20, first,
The value of CF 401 is increased by "1" (step 2000).
Then, the password is determined (step 2001). If the password input by the user is correct, the value of the CR 501 is returned to “1” (step 2002). And CF4
The value of 01 is checked, and if CF 401 is equal to or greater than LT (the specified number of lockouts), CF 401 is set to “0” (step 2004) to perform lockout. CF401 is LT
If it is less, the password reject operation is performed (step 2006).

Here, the reason why the password is determined in step 2001 in spite of not permitting the login in the semi-lockout state is to prevent the semi-lockout time from becoming too long. For example, if an attacker who attempts an unauthorized login attempts the unauthorized login many times, the quasi-lockout condition will last proportionately longer. In such a case, even if a legitimate user tries to log in, the quasi-lockout state lasts too long and is effectively locked out of the system. Using this property, an attacker can use all systems unconsciously or intentionally (effectively impossible to log in)
Can be attacked. To cope with this, if the correct password is input even in the semi-lockout state, the CR 501 is returned to “1” in step 2002, and the semi-lockout state is released after the rst time in step 1203 in FIG. To do so. However, the authorized user must be on standby during that time.

Here, the unauthorized user may copy the data of the authorized user's floppy disk 103 and attempt an unauthorized login. If an authorized user performs a login operation immediately after attempting such an unauthorized login, even if the password is correct, the login failure time data and the like do not match, so that a semi-lockout state is set. The legitimate user can determine that the data on the floppy disk 103 of his or her own has been stolen by having entered the quasi-lockout state despite inputting the correct password. If it is determined that the card has been stolen, it is sufficient to notify the system administrator and perform a procedure for changing the floppy disk or IC card.

When waiting for the system to return to the normal state after entering the correct password, a lockout (step 20)
05) and password rejection (step 2)
006), the impression received by the user is different. If step 2006 has been performed, the user
Just wait for st. Even if step 2005 is executed, it is sufficient to wait for rst, but rst ≦ LOT
In the case of, when the lockout is completed (exactly
The system returns to the normal state (at step 1203 of step 2). However, if rst> LOT, the system does not return to the normal state unless the user waits for “rst-LOT” even after lockout is completed. Normally rst = LO
Set to be T.

If the entered password is not correct, first check the value of CF 401 (step 200).
7). If the CF 401 is equal to or larger than LT, the value of the CR 501 is increased by "1" (step 2008), the CF 401 is set to "0" (step 2009), and lockout is performed (step 2010). If the CF 401 is less than LT, a password reject operation is performed.

[0052]

As is clear from the above description, according to the present invention, the system is resistant to attacks such as deletion of files related to lockout and tampering of critical data, and the more the user performs fraud, the more the fraudulent user becomes. It is possible to prolong the lockout time from the system without being noticed and to securely lock out an unauthorized login operation of an unauthorized user.

[Brief description of the drawings]

FIG. 1 is a block diagram showing an embodiment of a computer system to which a lockout method according to the present invention is applied.

FIG. 2 is an explanatory diagram showing an outline of a login operation.

FIG. 3 is a diagram illustrating a difference between a normal state and a quasi-lockout state.

FIG. 4 is a diagram showing a structure of data stored in a recording medium carried by a user.

FIG. 5 is a structural diagram of data stored in a first unique data storage area.

FIG. 6 is a structural diagram of non-fixed data in a first unique data storage area.

FIG. 7 is a structural diagram of fixed data in a first unique data storage area.

FIG. 8 is a flowchart illustrating a method for accessing data in a recording medium.

FIG. 9 is a flowchart showing a method of accessing registry data in a computer.

FIG. 10 is a flowchart illustrating an outline of a login process.

FIG. 11 is a diagram illustrating an example of a login screen.

FIG. 12 is a flowchart showing details of step 1003 in FIG. 10;

FIG. 13 is a flowchart showing details of step 1004 in FIG. 10;

FIG. 14 is a flowchart showing details of step 1005 in FIG. 10;

FIG. 15 is a flowchart showing details of step 1008 in FIG. 10;

FIG. 16 is a flowchart illustrating a flow of a lockout process.

FIG. 17 is a diagram illustrating an example of a login screen in a lockout state.

FIG. 18 is a flowchart illustrating details of a password rejection operation.

FIG. 19 is a diagram illustrating a display example of a screen indicating a password mismatch.

FIG. 20 is a flowchart showing password processing in a semi-lockout state.

[Explanation of symbols]

101: Computer, 102: Medium read / write device, 1
03: floppy disk, 104: IC card, 10
5 Input device, 106 User, 1011 First unique data storage area, 1012 First storage area, 1013
... second storage area, 1014 ... second unique data storage area.

Claims (4)

[Claims] An authentication process for authenticating user-specific identification information and a password input by a user who intends to use a computer, and executing a predetermined number of incorrect passwords such as data, application programs, and the like included in the computer. In a lockout method of a login operation for preventing use of resources, a recording medium for each user having an area for storing the number of times of failed login operation counters and an area for storing the latest login failure time data is prepared. The target computer includes: a read / write device that reads and writes data from and to the recording medium; and a first device that determines a quasi-lockout state duration after entering a quasi-lockout state that ignores a password input by a user. Value storage area and last logout time A first unique data storage area for each user including a storage area for non-fixed data and fixed data such as a user name, and the same login failure time data stored in the latest login failure time data storage area. A first storage area for storing and a second unique data storage area for each user including a second storage area for storing the same data as the data stored in the storage area for the non-fixed data and the fixed data. In response to input of user identification information by the user after setting the recording medium held by the user who intends to use the computer in the read / write device in the read / write device, the computer to be logged in: Stored in the first and second unique data storage areas corresponding to the user according to the given user identification information. Reading the data, reading the data stored in the recording medium, and comparing the login failure time data read from the recording medium with the login failure time data read from the second unique data storage area; The non-fixed data and the fixed data respectively read from the unique data storage areas are compared. (A2) If the data to be compared does not match, the first
The value is updated to a quasi-lockout state, the validity of the password input following the user identification information is determined, and even if the password is valid, the password is not updated until the time determined by the first value has elapsed. After ignoring the valid password and writing the current time data to the latest login failure time data storage area in the recording medium, a message to the effect that the password is invalid is output, and the time determined by the first value has elapsed. Then, the first value is returned to a value indicating a normal state. If the password is an invalid password, the login failure count value in the failure count counter storage area in the recording medium is updated, and the login failure count is counted. If the value has reached the specified number of times, the state transits to the lockout state, and the current time data is written to the latest login failure time data storage area in the recording medium. After that, the login operation is prohibited for a predetermined time, and the process is executed every time a password is entered following the input of the user identification information, and the unauthorized login is performed by falsification of the data in the recording medium or the data in the second unique data storage area. A lockout method for a login operation, wherein the operation is prohibited. 2. The lockout method for a login operation according to claim 1, wherein the first value is further updated when an incorrect password is entered a specified number of times in a state where the state has shifted to the quasi-lockout state. . 3. The log-in operation according to claim 1, wherein the data in the second unique data storage area is encrypted, and is decrypted every time the storage area is accessed. Lockout method. 4. A process for returning the first value to the first value in the quasi-lockout state when a valid password is input in a state where the quasi-lockout state has been entered. 4. A lockout method for any one of the login operations according to any one of 1 to 3.