CN100343774C - Authentication system, authentication server, authentication method, authentication program, terminal, authentication request method, authentication request program, and storage medium - Google Patents


Info

Publication number
CN100343774C
Authority
CN
China
Prior art keywords
information
terminal
label
user
identifying information
Prior art date
Legal status
Expired - Fee Related
Application number
CNB2003801003488A
Other languages
Chinese (zh)
Other versions
CN1692320A (en)
Inventor
荻野伸一
长谷岛真时
大桥春彦
山本浩一
村山丽子
布施笃
荒川真志
近藤秀和
冈田浩
三泽诚一
仓崎俊哉
西山和博
Current Assignee
Sony Corp
Original Assignee
Sony Corp
Abstract

Disclosed herein is an authentication system offering high degrees of security and convenience by use of two storage media. An automatic log-in system (100) requests a server (110) to perform a user authentication process using card-specific information (101) retrieved from an IC card (10) and password information (102) from a portable memory (11). The server (110) authenticates the user by acquiring a user ID and a password using the card-specific information (101) and password information (102). The card-specific information (101) and password information (102) constitute authentication request information, and the user ID and password make up authentication information. Following successful authentication of the user, the server (110) allows the user to log in; in case of unsuccessful authentication, the server (110) denies log-in.

Description

Authentication system, authentication server, authentication method, terminal, and authentication request method
Technical field
The present invention relates to an authentication system and related techniques. More particularly, it relates to an authentication system, and improvements thereto, in which a terminal and an authentication server each independently hold a user's electronic tag (electronic tally), the authentication information can be obtained only when the tags held by the two devices match, and the terminal requests authentication using authentication request information retained on two storage media held by the user.
Background art
With the rapid spread of the Internet in recent years, users can easily receive services over the Internet from terminals installed at home or in the workplace, or from portable terminals.
Various services are provided over the Internet, including Internet banking, securities trading, online shopping and information retrieval.
Some of the so-called service sites that provide these services authenticate their users by means of authentication information, for example a user ID and a password.
To log in to any of these sites, the user first sends authentication information from the terminal to the server. At the server, the transmitted information is checked (tallied) against previously stored information in order to authenticate the user.
More specifically, when logging in to such a site, the user usually enters a password and user ID on a login screen, and these are sent to the server.
Traditional authentication methods that rely on passwords are considered easy to compromise: a third party who has stolen a password can easily impersonate a legitimate user. To avoid this weakness, methods that use electronic tags have been proposed.
An electronic tag is one of a plurality of pieces of information that together constitute authentication information. In other words, complete authentication information is divided by a predetermined logical rule into a plurality of fragments called tags. The original authentication information can be reconstructed only when all of the divided tags are collected and matched.
Usually the authentication information about a user is divided into two tags. One tag is managed by the user and the other by the server. At authentication time, the user sends his or her electronic tag to the server, and the automatic log-in server then uses the two electronic tags to reconstruct the authentication information.
Even if the user's electronic tag is leaked to a third party, that third party cannot recover the original authentication information using only the illegitimately obtained tag. This is considered to provide a high level of security.
Techniques that adopt the electronic tag scheme to improve security have been proposed.
One such technique is disclosed in Japanese Patent Laid-Open No. 2001-331450. In that technique, a service generates two tags from the authentication information, hands one tag to the user and the other to the service site that provides the service. The service site receives the user's tag and compares it with its own previously stored copy of the tag in order to obtain the user's authentication information, which is then used to authenticate the user.
However, if the tag handed to the user is stolen by a third party, that third party can illegitimately use the tag to access the server and be authenticated with no further effort.
Accordingly, an object of the present invention is to provide an authentication system that guarantees a high level of security even when the user's electronic tag has been disclosed to a third party, and that authenticates the user using information retrieved from two storage media.
Summary of the invention
In an embodiment of the invention and according to one aspect thereof, an authentication system is provided which comprises a terminal and an authentication server. The terminal first obtains first identifying information from a first medium, the first identifying information identifying the first medium, and then obtains tag information from a second medium. The authentication server receives the first identifying information and the tag information from the terminal in order to carry out an authentication process. After obtaining the first identifying information from the first medium and the tag information from the second medium, the terminal sends the obtained first identifying information and tag information to the authentication server; and after receiving the first identifying information and tag information from the terminal, the authentication server carries out the authentication process using the received first identifying information and tag information (first scheme of the present invention).
According to another aspect of the invention, an authentication server connected to a terminal is provided. The terminal obtains first identifying information, which identifies a first medium, from the first medium and obtains tag information from a second medium; the authentication server receives the first identifying information and the tag information from the terminal in order to carry out an authentication process. The authentication server comprises: medium information receiving means for receiving the first identifying information and the tag information from the terminal; and verifying means for carrying out the authentication process using the received first identifying information and tag information (second scheme of the present invention).
Preferably, in the second scheme, the second medium may store second identifying information that identifies the second medium; the authentication server may further comprise second identifying information receiving means for receiving the second identifying information obtained from the second medium by the terminal; and the verifying means may carry out the authentication process when the combination of the received second identifying information and tag information matches a previously stored combination of second identifying information and tag information (third scheme of the present invention).
Preferably, in the second scheme, the verifying means may carry out the authentication process when the received first identifying information matches previously stored first identifying information (fourth scheme of the present invention).
Preferably, in the second scheme, the verifying means may carry out the authentication process when the combination of the received first identifying information and tag information matches a previously stored combination of first identifying information and tag information (fifth scheme of the present invention).
Preferably, in the second scheme, the authentication server may further comprise retrieving means that retrieves first authentication information according to the received first identifying information and retrieves second authentication information according to the received tag information; the verifying means may then carry out the authentication process using the first and second authentication information retrieved by the retrieving means (sixth scheme of the present invention).
Preferably, in the sixth scheme, the authentication server may further comprise: tag information transmitting means for generating tag information and sending the generated tag information to the terminal; and storing means for storing the generated tag information and the second identifying information in association with each other in a storage unit; the retrieving means may then retrieve the stored tag information (seventh scheme of the present invention).
Preferably, in the seventh scheme, the tag information transmitting means may generate new tag information after the verifying means has carried out the authentication process using the tag information received from the terminal (eighth scheme of the present invention).
Preferably, in the second scheme, at least one of the first and second media may be a portable memory constituted by an IC card or a semiconductor memory (ninth scheme of the present invention).
Preferably, in the second scheme, the authentication server may further comprise authentication information storing means for receiving new first identifying information and tag information from the terminal and storing authentication information according to the received first identifying information and tag information; the verifying means may then carry out the authentication process using the stored authentication information (tenth scheme of the present invention).
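The following is an added illustration, not code from the patent or from Sony, of the two-tag reconstruction described in the background section and of the server-side checks in the third to eighth schemes above: a record keyed by the IC card's identifying information, a match check on the portable memory's identifier and current tag, reconstruction of the user ID and password from the user's tag and the server's tag, and issue of a fresh tag after each successful authentication. The XOR-based division rule, the record layout and all identifiers are assumptions for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def split_into_tags(auth_info: bytes) -> tuple:
    # Assumed division rule (the patent only says "predetermined logical
    # division"): the user's tag is a random one-time pad and the server's
    # tag is auth_info XOR pad. Each half alone is uniformly random, so a
    # leaked user tag reveals nothing about the user ID and password.
    user_tag = secrets.token_bytes(len(auth_info))
    server_tag = bytes(a ^ b for a, b in zip(auth_info, user_tag))
    return user_tag, server_tag


def rebuild_from_tags(user_tag: bytes, server_tag: bytes) -> bytes:
    # Authentication information is recovered only when both tags are present.
    return bytes(a ^ b for a, b in zip(user_tag, server_tag))


@dataclass
class Record:
    memory_id: str          # second identifying information (portable memory)
    user_tag_digest: bytes  # digest of the tag currently issued to the user
    server_tag: bytes       # server-side half of the authentication information
    auth_digest: bytes      # digest of the enrolled "user_id:password"


class AuthServer:
    def __init__(self) -> None:
        # Records are keyed by first identifying information (the IC card id).
        self.records: dict = {}

    def enroll(self, card_id: str, memory_id: str, user_id: str, password: str) -> bytes:
        auth_info = f"{user_id}:{password}".encode()
        user_tag, server_tag = split_into_tags(auth_info)
        self.records[card_id] = Record(memory_id, digest(user_tag), server_tag, digest(auth_info))
        return user_tag  # the terminal writes this tag to the portable memory

    def authenticate(self, card_id: str, memory_id: str, user_tag: bytes):
        rec = self.records.get(card_id)
        if rec is None:
            return None  # unknown first identifying information (4th scheme)
        # 3rd/5th schemes: the received (medium id, tag) combinations must
        # match what was stored at enrolment or at the last tag rotation.
        if not hmac.compare_digest(rec.memory_id.encode(), memory_id.encode()):
            return None
        if not hmac.compare_digest(rec.user_tag_digest, digest(user_tag)):
            return None
        # 6th scheme: retrieve the server-side half, rebuild the
        # authentication information, then check the user ID and password.
        auth_info = rebuild_from_tags(user_tag, rec.server_tag)
        if not hmac.compare_digest(digest(auth_info), rec.auth_digest):
            return None
        user_id = auth_info.decode().split(":", 1)[0]
        # 7th/8th schemes: generate a fresh tag pair after a successful check,
        # store the new pair and hand the new user tag back to the terminal.
        new_user_tag, new_server_tag = split_into_tags(auth_info)
        rec.user_tag_digest = digest(new_user_tag)
        rec.server_tag = new_server_tag
        return user_id, new_user_tag


class Terminal:
    """Reads the IC card and portable memory, requests authentication and, on
    success, replaces the tag on the portable memory with the new one."""

    def __init__(self, server: AuthServer, ic_card: dict, portable_memory: dict) -> None:
        self.server, self.card, self.memory = server, ic_card, portable_memory

    def login(self):
        result = self.server.authenticate(
            self.card["card_id"], self.memory["memory_id"], self.memory["tag"])
        if result is None:
            return None
        user_id, new_tag = result
        self.memory["tag"] = new_tag  # replacing means: overwrite the old tag
        return user_id


def demo() -> tuple:
    # Constructed sample identifiers and credentials.
    server = AuthServer()
    card = {"card_id": "CARD-0001"}
    memory = {"memory_id": "MEM-0001"}
    memory["tag"] = server.enroll(card["card_id"], memory["memory_id"], "alice", "hunter2")
    old_tag = memory["tag"]  # a copy of the tag as issued at enrolment
    term = Terminal(server, card, memory)
    first = term.login()     # "alice"; the tag on the portable memory is rotated
    # The enrolment-time tag no longer matches the stored one, so presenting
    # a copy of it again is rejected (the point of the 8th scheme).
    reused = server.authenticate(card["card_id"], memory["memory_id"], old_tag)
    second = term.login()    # "alice" again, with the rotated tag
    return first, reused, second
```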
According to another aspect of the invention, an authentication method is provided for use by an authentication server connected to a terminal, where the terminal obtains first identifying information, which identifies a first medium, from the first medium and obtains tag information from a second medium, and the authentication method enables the authentication server to receive the first identifying information and the tag information from the terminal in order to carry out an authentication process. The authentication server comprises medium information receiving means and verifying means, and the authentication method comprises the steps of: (a) causing the medium information receiving means to receive the first identifying information and the tag information from the terminal; and (b) causing the verifying means to carry out the authentication process using the received first identifying information and tag information (eleventh scheme of the present invention).
Preferably, in the eleventh scheme, the second medium may store second identifying information that identifies the second medium, and the authentication server comprises second identifying information receiving means; the authentication method further comprises the steps of: (c) causing the second identifying information receiving means to receive from the terminal the second identifying information obtained from the second medium by the terminal; and (d) performing step (b) to carry out the authentication process when the combination of the received second identifying information and tag information matches a previously stored combination of second identifying information and tag information (twelfth scheme of the present invention).
Preferably, in the eleventh scheme, the authentication method may further comprise the step of performing step (b) to carry out the authentication process when the received first identifying information matches previously stored first identifying information (thirteenth scheme of the present invention).
Preferably, in the eleventh scheme, the authentication method may further comprise the step of performing step (b) to carry out the authentication process when the combination of the received first identifying information and tag information matches a previously stored combination of first identifying information and tag information (fourteenth scheme of the present invention).
Preferably, in the eleventh scheme, the authentication server may further comprise retrieving means, and the authentication method may further comprise the steps of: (e) causing the retrieving means to retrieve first authentication information using the received first identifying information and to retrieve second authentication information using the received tag information; and (f) performing step (b) to carry out the authentication process using the first and second authentication information retrieved in step (e) (fifteenth scheme of the present invention).
Preferably, in the fifteenth scheme, the authentication server may further comprise tag information transmitting means and storing means, and the authentication method may further comprise the steps of: (g) causing the tag information transmitting means to generate tag information and send the generated tag information to the terminal; (h) causing the storing means to store the generated tag information and the second identifying information in association with each other in a storage unit; and (i) performing step (e) to retrieve the stored tag information (sixteenth scheme of the present invention).
Preferably, in the sixteenth scheme, the authentication method may further comprise the step of causing the tag information transmitting means to generate new tag information after the verifying means has carried out the authentication process using the tag information received from the terminal (seventeenth scheme of the present invention).
Preferably, in the seventeenth scheme, at least one of the first and second media may be a portable memory constituted by an IC card or a semiconductor memory (eighteenth scheme of the present invention).
Preferably, in the seventeenth scheme, the authentication server may further comprise authentication information storing means, and the authentication method may further comprise the steps of: (j) causing the authentication information storing means to receive new first identifying information and tag information from the terminal and to store authentication information according to the received first identifying information and tag information; and (k) performing step (b) to carry out the authentication process using the stored authentication information (nineteenth scheme of the present invention).
According to a further aspect of the invention, an authentication program is provided for use by a computer connected to a terminal, where the terminal obtains first identifying information, which identifies a first medium, from the first medium and obtains tag information from a second medium. The authentication program enables the computer to receive the first identifying information and tag information from the terminal in order to carry out an authentication process, and causes the computer to perform the following functions: a medium information receiving function that receives the first identifying information and tag information from the terminal; and an authenticating function that carries out the authentication process using the received first identifying information and tag information (twentieth scheme of the present invention).
Preferably, in the twentieth scheme, the second medium may store second identifying information that identifies the second medium, and the authentication program may further cause the computer to perform a second identifying information receiving function that receives from the terminal the second identifying information obtained from the second medium by the terminal; the authenticating function may be performed so as to carry out the authentication process when the combination of the received second identifying information and tag information matches a previously stored combination of second identifying information and tag information (twenty-first scheme of the present invention).
Preferably, in the twentieth scheme, the authenticating function may be performed so as to carry out the authentication process when the received first identifying information matches previously stored first identifying information (twenty-second scheme of the present invention).
Preferably, in the twentieth scheme, the authenticating function may be performed so as to carry out the authentication process when the combination of the received first identifying information and tag information matches a previously stored combination of first identifying information and tag information (twenty-third scheme of the present invention).
Preferably, in the twentieth scheme, the authentication program may further cause the computer to perform a retrieving function that retrieves first authentication information using the received first identifying information and retrieves second authentication information using the received tag information; the authenticating function may then be performed so as to carry out the authentication process using the first and second authentication information retrieved by the retrieving function (twenty-fourth scheme of the present invention).
Preferably, in the twenty-fourth scheme, the authentication program may further cause the computer to perform the following functions: a tag information transmitting function that generates tag information and sends the generated tag information to the terminal; and a storing function that stores the generated tag information and the second identifying information in association with each other in a storage unit; the retrieving function may then be performed so as to retrieve the stored tag information (twenty-fifth scheme of the present invention).
Preferably, in the twenty-fifth scheme, the tag information transmitting function may be performed so as to generate new tag information after the authenticating function has carried out the authentication process using the tag information received from the terminal (twenty-sixth scheme of the present invention).
Preferably, in the twentieth scheme, at least one of the first and second media may be a portable memory constituted by an IC card or a semiconductor memory (twenty-seventh scheme of the present invention).
Preferably, in the twentieth scheme, the authentication program may further cause the computer to perform an authentication information storing function that receives new first identifying information and tag information from the terminal and stores authentication information according to the received first identifying information and tag information; the authenticating function may then be performed so as to carry out the authentication process using the stored authentication information (twenty-eighth scheme of the present invention).
According to a further aspect of the invention, a storage medium is provided which stores, in a form readable by a computer connected to a terminal, an authentication program, where the terminal obtains first identifying information, which identifies a first medium, from the first medium and obtains tag information from a second medium. The authentication program enables the computer to receive the first identifying information and tag information from the terminal in order to carry out an authentication process, and causes the computer to perform the following functions: a medium information receiving function that receives the first identifying information and tag information from the terminal; and an authenticating function that carries out the authentication process using the received first identifying information and tag information (twenty-ninth scheme of the present invention).
Preferably, in the twenty-ninth scheme, the second medium may store second identifying information that identifies the second medium, and the authentication program may further cause the computer to perform a second identifying information receiving function that receives from the terminal the second identifying information obtained from the second medium by the terminal; the authenticating function may be performed so as to carry out the authentication process when the combination of the received second identifying information and tag information matches a previously stored combination of second identifying information and tag information (thirtieth scheme of the present invention).
Preferably, in the twenty-ninth scheme, the authenticating function may be performed so as to carry out the authentication process when the received first identifying information matches previously stored first identifying information (thirty-first scheme of the present invention).
Preferably, in the twenty-ninth scheme, the authenticating function may be performed so as to carry out the authentication process when the combination of the received first identifying information and tag information matches a previously stored combination of first identifying information and tag information (thirty-second scheme of the present invention).
Preferably, in the twenty-ninth scheme, the authentication program may further cause the computer to perform a retrieving function that retrieves first authentication information using the received first identifying information and retrieves second authentication information using the received tag information; the authenticating function may then be performed so as to carry out the authentication process using the first and second authentication information retrieved by the retrieving function (thirty-third scheme of the present invention).
Preferably, in the thirty-third scheme, the authentication program may further cause the computer to perform the following functions: a tag information transmitting function that generates tag information and sends the generated tag information to the terminal; and a storing function that stores the generated tag information and the second identifying information in association with each other in a storage unit; the retrieving function may then be performed so as to retrieve the stored tag information (thirty-fourth scheme of the present invention).
Preferably, in the thirty-fourth scheme, the tag information transmitting function may be performed so as to generate new tag information after the authenticating function has carried out the authentication process using the tag information received from the terminal (thirty-fifth scheme of the present invention).
Preferably, in the twenty-ninth scheme, at least one of the first and second media may be a portable memory constituted by an IC card or a semiconductor memory (thirty-sixth scheme of the present invention).
Preferably, in the twenty-ninth scheme, the authentication program may further cause the computer to perform an authentication information storing function that receives new first identifying information and tag information from the terminal and stores authentication information according to the received first identifying information and tag information; the authenticating function may then be performed so as to carry out the authentication process using the stored authentication information (thirty-seventh scheme of the present invention).
According to a further aspect of the invention, a terminal is provided for requesting the authentication server of claim 2 to carry out an authentication process, the terminal comprising: medium information obtaining means for obtaining first identifying information, which identifies a first medium, from the first medium and obtaining tag information from a second medium; and medium information transmitting means for sending the obtained first identifying information and tag information to the authentication server (thirty-eighth scheme of the present invention).
According to a further aspect of the invention, a terminal is provided for requesting the authentication server of claim 3 to carry out an authentication process, the terminal comprising: medium information obtaining means for obtaining first identifying information from a first medium and obtaining second identifying information and tag information from a second medium, the first identifying information identifying the first medium and the second identifying information identifying the second medium; and medium information transmitting means for sending the obtained first identifying information, second identifying information and tag information to the authentication server (thirty-ninth scheme of the present invention).
According to a further aspect of the invention, a terminal is provided for requesting the authentication server of claim 7 to carry out an authentication process, the terminal comprising: medium information obtaining means for obtaining first identifying information, which identifies a first medium, from the first medium and obtaining tag information from a second medium; medium information transmitting means for sending the obtained first identifying information and tag information to the authentication server; and replacing means for replacing the tag information in the second medium with the tag information received by tag information receiving means (fortieth scheme of the present invention).
According to a further aspect of the invention, an authentication request method is provided for requesting the authentication server of claim 2 to carry out an authentication process, the method being for use by a computer that includes medium information obtaining means and medium information transmitting means, and comprising the steps of: causing the medium information obtaining means to obtain first identifying information, which identifies a first medium, from the first medium and to obtain tag information from a second medium; and causing the medium information transmitting means to send the obtained first identifying information and tag information to the authentication server (forty-first scheme of the present invention).
According to a further aspect of the invention, an authentication request method is provided for requesting the authentication server of claim 3 to carry out an authentication process, the method being for use by a computer that includes medium information obtaining means and medium information transmitting means, and comprising the steps of: causing the medium information obtaining means to obtain first identifying information from a first medium and to obtain second identifying information and tag information from a second medium, the first identifying information identifying the first medium and the second identifying information identifying the second medium; and causing the medium information transmitting means to send the obtained first identifying information, second identifying information and tag information to the authentication server (forty-second scheme of the present invention).
According to a further aspect of the invention, an authentication request method is provided for requesting the authentication server of claim 7 to carry out an authentication process, the method being for use by a computer that includes medium information obtaining means, medium information transmitting means, tag information receiving means and replacing means, and comprising the steps of: causing the medium information obtaining means to obtain first identifying information, which identifies a first medium, from the first medium and to obtain tag information from a second medium; causing the medium information transmitting means to send the obtained first identifying information and tag information to the authentication server; causing the tag information receiving means to receive tag information from the authentication server; and causing the replacing means to replace the tag information stored in the second medium with the tag information received by the tag information receiving means (forty-third scheme of the present invention).
According to a further aspect of the invention, an authentication request program is provided for causing a computer to request the authentication server of claim 2 to carry out an authentication process, the program causing the computer to perform the following functions: a medium information obtaining function that obtains first identifying information, which identifies a first medium, from the first medium and obtains tag information from a second medium; and a medium information transmitting function that sends the obtained first identifying information and tag information to the authentication server (forty-fourth scheme of the present invention).
According to a further aspect of the invention, an authentication request program is provided for causing a computer to request the authentication server of claim 3 to carry out an authentication process, the program causing the computer to perform the following functions: a medium information obtaining function that obtains first identifying information from a first medium and obtains second identifying information and tag information from a second medium, the first identifying information identifying the first medium and the second identifying information identifying the second medium; and a medium information transmitting function that sends the obtained first identifying information, second identifying information and tag information to the authentication server (forty-fifth scheme of the present invention).
According to a further aspect of the invention, an authentication request program is provided for causing a computer to request the authentication server of claim 7 to carry out an authentication process, the program causing the computer to perform the following functions: a medium information obtaining function that obtains first identifying information, which identifies a first medium, from the first medium and obtains tag information from a second medium; a medium information transmitting function that sends the obtained first identifying information and tag information to the authentication server; a tag information receiving function that receives tag information from the authentication server; and a replacing function that replaces the tag information stored in the second medium with the tag information received by the tag information receiving function (forty-sixth scheme of the present invention).
According to a further aspect of the invention, a storage medium is provided which stores, in a form readable by a computer, an authentication request program for requesting the authentication server of claim 2 to carry out an authentication process, the program causing the computer to perform the following functions: a medium information obtaining function that obtains first identifying information, which identifies a first medium, from the first medium and obtains tag information from a second medium; and a medium information transmitting function that sends the obtained first identifying information and tag information to the authentication server (forty-seventh scheme of the present invention).
According to a further aspect of the invention, a storage medium is provided which stores, in a form readable by a computer, an authentication request program for requesting the authentication server of claim 3 to carry out an authentication process, the program causing the computer to perform the following functions: a medium information obtaining function that obtains first identifying information from a first medium and obtains second identifying information and tag information from a second medium, the first identifying information identifying the first medium and the second identifying information identifying the second medium; and a medium information transmitting function that sends the obtained first identifying information, second identifying information and tag information to the authentication server (forty-eighth scheme of the present invention).
According to a further aspect of the invention, a kind of medium is provided, it is used for request right and requires 7 authentication server to carry out the checking requestor of proof procedure according to being stored by the mode that computing machine reads, this checking requestor makes computing machine carry out following function: media information obtains function, obtain first identifying information and obtain label information from first medium from second medium, first identifying information is discerned first medium; The media information transmitting function sends first identifying information and the label information that is obtained to authentication server; The label information receiving function receives the label information from authentication server; And the replacement function, use the label information that receives by the label information receiving trap to replace the label information (the 49 scheme of the present invention) that is stored in second medium.
Therefore, the invention provides and a kind ofly adopt verification system that electronic tag provides high security and convenience and use a plurality of mediums to carry out the verification system of safety verification each user.
Description of drawings
Fig. 1 is a conceptual diagram showing an automatic log-in system embodying the invention;
Fig. 2 is an explanatory diagram schematically showing the so-called tag technique;
Fig. 3 is a schematic diagram showing a typical network structure implementing the automatic log-in system of the invention;
Fig. 4 is a schematic diagram showing a typical logical structure of the IC card;
Fig. 5 is a block diagram schematically showing the functional structure of the automatic log-in unit;
Fig. 6 is a flowchart of the steps for automatic log-in from the terminal;
Fig. 7 is a block diagram schematically showing the functional structure of the registration unit;
Fig. 8 is a flowchart of the steps constituting a new-registration process carried out by the automatic log-in system;
Fig. 9 is a schematic diagram showing a typical hardware configuration of the server;
Fig. 10 is a schematic diagram showing a typical hardware configuration of the terminal;
Fig. 11 is a schematic diagram showing typical screen transitions on the terminal when it connects to the service site;
Fig. 12 is a schematic diagram of a typical home page;
Fig. 13 is a schematic diagram of a typical card log-in screen;
Fig. 14 is a schematic diagram of a typical ID association notice screen;
Fig. 15 is a schematic diagram of a typical ID association completion screen;
Fig. 16 is a schematic diagram of a typical portable memory setting screen;
Fig. 17 is a schematic diagram of a typical portable memory setting completion screen;
Fig. 18 is a flowchart of the steps constituting an electronic tag generation process that uses information about the portable memory;
Fig. 19 is a flowchart of the steps constituting a log-in process involving manual input of a password;
Fig. 20 is a conceptual diagram showing an automatic log-in system practiced as a second embodiment of the invention;
Fig. 21 is a schematic diagram showing a typical network structure of the automatic log-in system of the second embodiment;
Fig. 22A is a block diagram schematically showing the logical structure of the automatic log-in unit of the second embodiment, and Fig. 22B is a schematic diagram showing the logical relations between the items of user authentication information stored in the authentication information database;
Fig. 23 is a flowchart of the steps for logging in to the service site;
Fig. 24 is a flowchart of the steps by which a user registers with the service site;
Figs. 25A, 25B and 25C are schematic diagrams showing how a single user typically authenticates using an IC card and a portable memory; and
Figs. 26A and 26B are schematic diagrams showing how a plurality of users typically authenticate using IC cards and portable memories.
Embodiment
Preferred embodiments of the invention will now be described in detail with reference to the accompanying drawings.
(1) Overview of the embodiment
This embodiment divides the raw data used for authentication, for example authentication information including a password, into two electronic tags: a user tag and a server tag. The user tag is managed by the user, and the server tag by the server.
At log-in, the user sends the user tag to the server together with card-specific information (read from an IC card in a non-contact manner) that is associated with the server tag.
The server uses the card-specific information to retrieve from its storage the server tag, i.e. the counterpart of the user tag. Having retrieved the server tag, the server reconstructs the raw data from the server tag and the user tag, and then authenticates the user using the reconstructed raw data.
A conventional electronic tag usually has an identification area in which information identifying the counterpart of the tag in question is written, so that a single electronic tag suffices to identify its counterpart. In this embodiment, by contrast, the user tag is kept separate from the information that designates the server tag as its counterpart, and the two must be sent to the server separately. As a result, even if the user tag leaks to a third party, that third party cannot be authenticated with the user tag alone.
Fig. 1 is a conceptual diagram showing an automatic log-in system embodying the invention. The user tag is stored in a portable memory 11, an external storage medium that can be carried by hand. The card-specific information is stored in a non-contact IC card 10.
In this embodiment the server 5 associates the card-specific information with the server tag. To log in from the terminal 3 to a service site built on the server 5, the user sets the portable memory 11 and the IC card 10 to the terminal 3.
The terminal 3 reads the card-specific information from the IC card 10 and the user tag 111 from the portable memory 11, and sends both to the server 5 over the Internet 2.
In the server 5, a search unit 32 retrieves the server tag associated with the received card-specific information.
A reconstruction unit 33 reconstructs the raw data from the retrieved server tag 115 and the user tag 111 received from the terminal 3.
An authentication unit 35 authenticates the user in the log-in process using the password contained in the raw data and the user ID 119 associated with that password.
As described, this embodiment divides the card-specific information from the non-contact IC card 10 and the password into electronic tags (user tag 111 and server tag 115) that are meaningless when taken separately. The server tag 115 is stored in the server 5, and the user tag 111 in the portable memory 11, an external storage medium that can be carried by hand.
At authentication, the server matches the server tag 115 with the user tag 111 by means of the card-specific information from the IC card 10, so as to reconstruct the password.
(2) Details of the embodiment
This embodiment authenticates the user with electronic tags generated by the so-called tag technique.
The tag technique divides a set of raw data to be protected, by suitable logic, into a plurality of electronic tags (tag information) that are meaningless when used separately. That is, none of the separated tags on its own suffices to reconstruct the raw data.
The tag technique is described in principle below with reference to Fig. 2.
Raw data 130 to be protected is divided by suitable logic into a plurality of electronic tags. In this embodiment the raw data is divided into two parts, tag A and tag B.
Tags A and B are meaningless when used separately. Anyone holding one tag needs the counterpart tag to reconstruct the raw data; neither the raw data nor the counterpart tag can be inferred from one tag alone. Even if both tags A and B are obtained illegitimately, simply putting them together does not reconstruct the raw data: the raw data is obtained by a reconstruction process that applies a predetermined logic inverse to the division process.
As shown in Fig. 2, raw data 130a is obtained by combining tags A and B and subjecting the combination to the reconstruction process. Raw data 130 and reconstructed data 130a are identical.
As described, reconstructing the raw data requires collecting all the separated electronic tags and subjecting them to the reconstruction process.
The generated electronic tags provide high security when they are kept separately.
Alternatively, part of the electronic tags may be collected to reconstruct part of the raw data.
As raw data, this embodiment takes the password used to authenticate the user and the card-specific information held in the user's non-contact IC card. The automatic log-in system 1 could be constructed with the password alone as raw data divided into a plurality of tags, but this embodiment divides the card-specific information together with the password into tags, because this facilitates the authentication work.
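The tag technique of Fig. 2, as an added example that is not part of the patent text: the patent does not specify the "suitable logic", so this block uses XOR secret splitting (one tag is a uniformly random string, the other is the raw data XORed with it), with a fixed-length encoding of card ID, electronic money ID and password that is an assumption of the example, as are the sample values. With XOR the combining logic is public, so the property that neither tag alone reveals anything holds unconditionally (counterpart_for shows why), whereas the statement above that an attacker holding both tags still cannot simply combine them would depend on keeping the reconstruction logic itself secret, which a practitioner should not rely on.

```python
import secrets
from typing import Tuple

RAW_LEN = 64  # fixed length (assumption of this example) so a tag's size reveals nothing about the password length


def encode_raw(card_id: bytes, emoney_id: bytes, password: bytes) -> bytes:
    """Serialise the raw data of the embodiment (card ID, electronic money ID,
    password) with a separator the fields never contain, zero-padded to RAW_LEN."""
    for item in (card_id, emoney_id, password):
        if b"|" in item or b"\x00" in item:
            raise ValueError("fields must not contain the separator or NUL")
    raw = b"|".join((card_id, emoney_id, password))
    if len(raw) > RAW_LEN:
        raise ValueError("raw data too long")
    return raw.ljust(RAW_LEN, b"\x00")


def decode_raw(raw: bytes) -> Tuple[bytes, bytes, bytes]:
    """Inverse of encode_raw."""
    card_id, emoney_id, password = raw.rstrip(b"\x00").split(b"|", 2)
    return card_id, emoney_id, password


def split_into_tags(raw: bytes) -> Tuple[bytes, bytes]:
    """Division process: tag A is a uniformly random string and tag B is
    raw XOR tag A, so each tag on its own is also uniformly random
    (two-party secret splitting; the combining logic is XOR)."""
    tag_a = secrets.token_bytes(len(raw))
    tag_b = bytes(r ^ a for r, a in zip(raw, tag_a))
    return tag_a, tag_b


def reconstruct(tag_a: bytes, tag_b: bytes) -> bytes:
    """Reconstruction process: raw = tag A XOR tag B. Both tags are needed."""
    if len(tag_a) != len(tag_b):
        raise ValueError("tags do not belong together")
    return bytes(a ^ b for a, b in zip(tag_a, tag_b))


def counterpart_for(tag: bytes, guessed_raw: bytes) -> bytes:
    """Why a single tag reveals nothing: for ANY guess of the raw data there is
    a counterpart tag under which that guess reconstructs exactly, so the holder
    of one tag cannot tell which guess is right."""
    if len(tag) != len(guessed_raw):
        raise ValueError("guess must have the tag length")
    return bytes(t ^ g for t, g in zip(tag, guessed_raw))


def demo() -> dict:
    # Constructed sample values, not data from the patent.
    raw = encode_raw(b"CARD-0001", b"EM-12345678", b"s3cret-pw")
    user_tag, server_tag = split_into_tags(raw)
    rebuilt = reconstruct(user_tag, server_tag)
    # A leaked user tag combined with some other user's server tag yields garbage.
    _, other_server_tag = split_into_tags(encode_raw(b"CARD-0002", b"EM-87654321", b"other-pw"))
    wrong = reconstruct(user_tag, other_server_tag)
    # The leaked user tag is equally consistent with any guess of the raw data.
    guess = encode_raw(b"CARD-9999", b"EM-00000000", b"wrong-guess")
    return {
        "rebuilt_ok": rebuilt == raw and decode_raw(rebuilt) == (b"CARD-0001", b"EM-12345678", b"s3cret-pw"),
        "wrong_pairing_ok": wrong == raw,
        "guess_consistent": reconstruct(user_tag, counterpart_for(user_tag, guess)) == guess,
    }


if __name__ == "__main__":
    print(demo())
```

Because the tags are as long as the padded raw data, the scheme is information-theoretically secure against a holder of one tag but offers no integrity: a bit flipped in either tag flips the same bit of the reconstructed password, which is why the server must still verify the reconstructed password rather than trust it.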
Fig. 3 is a schematic diagram showing a typical network structure implementing the automatic log-in system 1 of the invention.
The automatic log-in system 1 comprises a server 5 on which a service site is established, a terminal 3 that uses the site, and the Internet 2 through which the terminal 3 is connected to the server 5.
The terminal 3 is, for example, a personal computer equipped with a browser. A user at the terminal 3 can use the service site 17 built on the server 5 over the Internet 2.
Although Fig. 3 shows only one terminal 3 for simplicity of illustration, a plurality of terminals 3 may be connected to the server 5 over the Internet 2.
The terminal 3 has a reader/writer 7 as a peripheral. The reader/writer 7 writes data to and reads data from the IC card 10 in a non-contact manner.
The IC card 10 (first portable storage medium, first medium) is a portable storage medium containing an antenna for generating electric power and for transmitting and receiving signals, and a semiconductor chip having a storage unit for storing data and programs and an arithmetic unit for performing arithmetic operations. When the IC card 10 is held close to the reader/writer 7, the radio waves emitted by the reader/writer 7 cause the IC card 10 to generate the power that drives its internal semiconductor chip.
With the semiconductor chip thus activated, data is exchanged by radio between the reader/writer 7 and the IC card 10. This lets the CPU (central processing unit) of the terminal 3 write data to and read data from the semiconductor chip in the IC card 10.
This embodiment uses a non-contact IC card 10. Alternatively, the IC card 10 used in this embodiment may be a contact IC card or a contact magnetic card.
In use, a contact IC card is brought into contact with the electrodes of the reader/writer through its contact points. The contact thus established allows data to be written to and read from the IC chip in the contact IC card.
A contact magnetic card is brought into contact, through its magnetic stripe, with the magnetic head of the reader/writer that performs the read and/or write operations.
With a non-contact IC card as the IC card 10, data can be read or written simply by holding the card over the reader/writer 7. No card insertion mechanism is needed, which makes the card easy to use; since no card-handling mechanism or contact portion is required, the associated cost is reduced; and the absence of contacts eliminates the trouble commonly caused by wear or poor contact.
Furthermore, a non-contact or contact IC card used as the medium is convenient, because it can easily be kept in the user's wallet or pocket. Another advantage is that, unlike a magnetic card, a non-contact or contact IC card has no magnetic part in which magnetic data is easily damaged.
Fig. 4 schematically shows a typical logical structure of the IC card 10.
Although not shown, the internal structure of the semiconductor chip in the IC card 10 is logically divided into a plurality of areas used by a plurality of application programs.
In this embodiment the IC card 10 has a logical area that holds electronic money, so that the IC card 10 can be used as a device for paying with electronic money.
Electronic money is implemented by letting the IC card 10 be charged with a tradable value through a suitable charging device. At settlement, the value corresponding to the required payment is deducted from the IC card 10.
The IC card 10 as an electronic money device therefore operates under a prepaid settlement scheme.
The IC card 10 is shown equipped with the electronic money function not because it is a device necessary for the automatic log-in function, but mainly as an example of how the automatic log-in system of the invention can be used in combination with an application program.
The function of the IC card 10 is not limited to automatic log-in. The IC card 10 may be arranged so that its electronic money function can be used, or so that access to information stored in the portable storage medium is permitted, only after an authentication process based on the authentication information obtained as described above.
In the IC card 10, a card ID (unique ID) 25 is stored in a manner that cannot be altered (Fig. 4). The card ID 25 is not shown on the surface of the IC card 10 (and so cannot be detected visually); it is a secret value not readily known to anyone handling the card. The terminal 3 can read the card ID 25 using the reader/writer 7.
The IC card 10 is provided with an area 26a that holds electronic money. The IC card 10 further stores, in a manner that cannot be altered, a unique electronic money ID required to receive the electronic money service.
The electronic money ID is printed on the surface of the IC card 10. Using the printed electronic money ID, the user can make inquiries to the electronic money operator or carry out other related operations.
In the following description, the card-specific information, i.e. the information unique to this IC card 10, is made up of the card ID 25 and the electronic money ID 26. The server 5 associates each server tag (first tag information) with the combination of the corresponding card ID 25 and electronic money ID 26. The card-specific information thus serves as identification information for identifying the server tag.
Although this embodiment uses the card-specific information as the identification information, the identification information is not limited to card-specific information. Any other information suitably associated with the server tag may be used. For example, user identification information associated with the server tag, such as a password, a pass phrase or a user ID, may be stored in the IC card 10 and used as the identification information.
Likewise, although this embodiment uses the combination of the card ID 25 and the electronic money ID 26 as the card-specific information, the content of the card-specific information is not limited to this particular combination. The card ID 25 or the electronic money ID 26 alone may be used as the card-specific information. As another possibility, specific information used by another application program that uses the IC card 10 may be adopted as the card-specific information.
Using the electronic money ID 26 as the card-specific information is convenient for the person who handles the IC card 10 when responding to a user's inquiry, because the electronic money ID 26 is visibly recorded on the surface of the IC card 10.
The card-specific information is not the only resource usable for retrieving the server tag. Any other personal information specific to the individual who holds the card may serve as trigger data for retrieving the server tag.
Referring to Fig. 3, the terminal 3 has a portable memory drive 8 for writing data to and reading data from the portable memory 11.
The portable memory 11 is removably loaded into the portable memory drive 8. The CPU of the terminal 3 writes data to and reads data from the portable memory 11 loaded in the portable memory drive 8.
The portable memory 11 (second portable storage medium, second medium) is, for example, a memory card incorporating a readable and writable storage device. In any case, the memory 11 is a non-volatile, carriable medium that can be loaded into and removed from the terminal 3.
The portable memory 11 is provided with portable-memory-specific information (a portable memory ID). The terminal 3 can read the portable-memory-specific information, but cannot rewrite it as held in the memory 11.
In this embodiment the user tag (second tag information) derived from the raw data used for authentication is stored in the portable memory 11. At authentication, the terminal 3 obtains the user tag from the portable memory 11.
Note that this embodiment does not allow the user tag held in a given portable memory 11 to be copied to another portable memory 11 for use in authentication.
Copying is prevented, for example, by encrypting the user tag with the portable-memory-specific information as the key. Under this scheme, the user tag cannot be decrypted with the specific information of any other portable memory. Alternatively, the user tag is sent to the server 5 together with the portable-memory-specific information at authentication, so that the server 5 can check whether the user tag and the portable-memory-specific information correspond to each other.
In another arrangement, described later, the portable-memory-specific information may be made part of the raw data from which the tags are derived. With this arrangement, a user tag copied to any other portable memory 11 cannot be used for authentication.
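One way to realise the first anti-copy scheme above (the user tag encrypted under the portable-memory-specific information), as an added example and not the patent's own code: keys are derived from the memory ID, the tag is encrypted with an HMAC-SHA256 keystream and then authenticated, so a record copied to a memory with a different ID fails the MAC check instead of silently decrypting to garbage. The patent names no cipher; the record layout, the key derivation labels and the sample memory IDs are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

NONCE_LEN, MAC_LEN = 16, 32


def derive_keys(memory_id: bytes) -> Tuple[bytes, bytes]:
    """Derive an encryption key and a MAC key from the portable-memory-specific
    information. The memory ID is readable rather than secret; the binding relies
    on it being non-rewritable, so a copied record sits under a different ID.
    The label strings are an assumption of this example."""
    enc_key = hashlib.sha256(b"user-tag-enc|" + memory_id).digest()
    mac_key = hashlib.sha256(b"user-tag-mac|" + memory_id).digest()
    return enc_key, mac_key


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF-based stream cipher (stdlib only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def wrap_user_tag(user_tag: bytes, memory_id: bytes) -> bytes:
    """Encrypt-then-MAC the user tag under this memory's keys.
    Record layout (assumed): nonce || ciphertext || mac."""
    enc_key, mac_key = derive_keys(memory_id)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(user_tag, keystream(enc_key, nonce, len(user_tag))))
    mac = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + mac


def unwrap_user_tag(record: bytes, memory_id: bytes) -> Optional[bytes]:
    """Return the user tag, or None when the record was not wrapped for this
    memory (i.e. copied from another portable memory) or has been altered."""
    if len(record) < NONCE_LEN + MAC_LEN:
        return None
    enc_key, mac_key = derive_keys(memory_id)
    nonce, ct, mac = record[:NONCE_LEN], record[NONCE_LEN:-MAC_LEN], record[-MAC_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


def demo() -> dict:
    user_tag = secrets.token_bytes(64)  # a user tag as produced by the division process
    genuine_id, cloned_id = b"PM-ID-0001", b"PM-ID-0002"  # constructed memory IDs
    record = wrap_user_tag(user_tag, genuine_id)
    tampered = record[:-1] + bytes([record[-1] ^ 0x01])
    return {
        "genuine_ok": unwrap_user_tag(record, genuine_id) == user_tag,
        "copied_rejected": unwrap_user_tag(record, cloned_id) is None,
        "tampered_rejected": unwrap_user_tag(tampered, genuine_id) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The MAC is what turns "cannot be decrypted" into a failure the terminal can detect and report before anything is sent to the server. Since any terminal can read the memory ID, this binds the tag to the medium but does not hide it from someone who holds the medium itself; protecting the raw data from that party is the job of the server tag.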
Using the browser, the terminal 3 accesses servers on the Internet 2. When connected to any of these servers, the terminal 3 can receive the service of the service site established on that server.
From each service site the browser can download HTML (Hypertext Markup Language) files or XML (Extensible Markup Language) files, play images and sound from the downloaded files, and send information entered by the user (a password for authentication, answers to a questionnaire, etc.) to the service site being accessed.
To supplement its standard functions, the browser on the terminal 3 can have auxiliary programs for function expansion installed into the terminal 3.
More specifically, this embodiment lets the terminal 3 implement the automatic log-in function by having the browser download a specific auxiliary program (described later) from the server 5 and install the downloaded program in the terminal 3.
The automatic log-in function works, for example, as follows: when the user clicks the log-in button on the log-in screen, the terminal 3 reads the card-specific information from the IC card 10 and sends it to the server 5, and reads the user tag from the portable memory 11 and sends the tag to the server 5.
Although this embodiment downloads the auxiliary program from the server 5 and installs it in the terminal 3, this does not limit the invention. Alternatively, the user may purchase in advance a browser equipped with the automatic log-in function.
The server 5 provides services to users registered in advance.
The services provided include, for example: a site for e-banking or securities trading; a site providing entertainment such as films, music and video games; a site selling downloadable software; a site for mail-order business; and a site providing data retrieval from a database.
The server 5 comprises functional units such as a registration unit 13, an automatic log-in unit 15 and the service site 17, and databases including a user information database 19 and a server tag database 20.
The service site 17 provides various services in response to requests from the terminal 3.
The automatic log-in unit 15 is a functional unit that authenticates the user by means of the card-specific information and the user tag sent from the terminal 3. As described in more detail later, the automatic log-in unit 15 retrieves the server tag associated with the card-specific information received from the terminal 3. On finding and obtaining the server tag, the automatic log-in unit 15 reconstructs the raw data from the server tag and the user tag sent from the terminal 3. The unit 15 then retrieves from the raw data the password or other appropriate information for use in user authentication.
The registration unit 13 is a functional unit that lets a new user who wishes to use the service site 17 register. After a new user has registered with the registration unit 13, the automatic log-in unit 15 performs the authentication process for that user.
The user information database 19 holds information about the users who have registered with the registration unit 13. Specifically, the user information database 19 contains the authentication information (password, user ID) used to authenticate each user, information about the IC card 10 held by the user in question (card ID, electronic money ID, etc.) and the user's personal information (name, age, sex, address, work address, hobbies, etc.).
The server tag database 20 holds the server tags corresponding to the user tags of the registered users. Each server tag held in the server tag database 20 is associated with the card-specific information of the IC card held by the user who applied. When card-specific information is sent from the terminal 3, the received information is used to search the database 20 for the server tag.
Fig. 5 is a block diagram schematically showing the functional structure of the automatic log-in unit 15.
The automatic log-in unit 15 comprises a terminal access unit 31, a search unit 32, a reconstruction unit 33, an authentication information generation unit 34 and an authentication unit 35.
The terminal access unit 31 (identification information acquiring unit, second tag information acquiring unit, receiving means) exchanges data with the terminal 3. More specifically, the terminal access unit 31 sends log-in screen data to the accessing terminal 3, and receives the card-specific information and the user tag sent from the terminal 3 in response to the log-in screen data.
The terminal access unit 31 checks whether the card-specific information and the user tag were sent from the same terminal 3. The automatic log-in unit 15 is arranged to refuse authentication when the card-specific information and the user tag were sent from different terminals 3. This is an additional security measure.
The search unit 32 (first tag information retrieving means, retrieving means) receives the card-specific information from the terminal access unit 31 and searches the server tag database 20 for the server tag matching the received card-specific information. As mentioned above, each server tag is associated with the relevant card-specific information, so the received card-specific information lets the search unit 32 find the server tag corresponding to the user requesting log-in.
The reconstruction unit 33 (authentication information acquiring means) obtains the server tag found by the search unit 32 and the user tag from the terminal access unit 31. Using the server tag and the user tag, the reconstruction unit 33 reconstructs the raw data. In this embodiment, reconstructing the raw data yields the password and the card-specific information.
Although this embodiment uses the password and the card-specific information as raw data, this does not limit the content of the raw data. Any information that can serve as identification information for authenticating the user may be used as raw data. An embodiment in which the portable-memory-specific information is used as raw data is described later.
The authentication information generation unit 34 (authentication information acquiring means) obtains the reconstructed password and card-specific information from the reconstruction unit 33. The authentication information generation unit 34 then searches the user information database 19 for the user ID associated with the password and the card-specific information.
From the password and the retrieved user ID, the unit 34 generates the authentication information and passes the generated information to the authentication unit 35.
In this arrangement the password and the user ID constitute the authentication information, and it is the password that is divided into tags. Converting part of the authentication information (i.e. the password) into tag information provides an additional security measure.
Although the user ID is associated with the password and the card-specific information in this embodiment, this does not limit the invention. Alternatively, the user ID may be associated with the password alone, with the card-specific information alone, or with either the card ID or the electronic money ID making up the card-specific information.
The authentication unit 35 (authentication means, log-in means) obtains the authentication information (password and user ID) from the authentication information generation unit 34 and authenticates the user on the basis of the obtained information. When the user is authenticated successfully, the authentication unit 35 lets the user log in to the service site 17. If the user is not authenticated, the authentication unit 35 refuses log-in and sends an error message to the terminal 3.
Fig. 6 logins the into process flow diagram of the step of site for service 17 for the user at terminal 3 places when login system 1 is being worked automatically.
Carry out following step by the CPU of terminal 3 and the CPU of server 5 according to suitable program.
For example the user at terminal 3 places uses URL (URL(uniform resource locator)) access server 5 (steps 105) of browser by importing site for service 17.
Terminal access unit 31 will be used for sending to terminal 3 (step 405) at the auxiliary routine of terminal 3 places execution Auto Login feature.
Auxiliary routine makes terminal 3 that these functions are provided, and for example reads the peculiar information of card during by terminal 3 access services websites 17, reads user tag and the peculiar information of card and the user tag that will read like this send server 5 to from pocket memory 11 the user.
The same as hereinafter described, auxiliary routine also helps new user to server 5 registrations.
If think that auxiliary routine has been installed under the situation in the terminal 3, for example when finding that this user is for the second time or another time (pass) when visiting this server 5, this server 5 will not transmit auxiliary routine in step 405.
Terminal 3 receives and installs the helper program. Using the helper program installed in this way, terminal 3 drives reader/writer 7 to access IC card 10 (step 110). If IC card 10 is found not to be placed on reader/writer 7, a message such as "Please set your IC card" appears to prompt the user to put the IC card in place.
IC card 10 then transmits the card-specific information to terminal 3 by communicating with reader/writer 7 in a non-contact manner (step 205).
Terminal 3 obtains the card-specific information through reader/writer 7 and transmits it to server 5 (step 115).
Server 5 receives the transmitted card-specific information (step 410).
Terminal 3 then reads the user label from portable memory 11 by operating portable memory drive 8 (step 120). If portable memory 11 is found not to be set in portable memory drive 8, a message such as "Please set your portable memory" appears to prompt the user to set portable memory 11.
Portable memory 11 supplies the stored user label to terminal 3 through portable memory drive 8 (step 305).
In turn, terminal 3 transmits the user label obtained from portable memory 11 to server 5 (step 125).
In server 5, terminal access unit 31 receives the user label (step 415).
In the steps above, terminal 3 is shown first reading the card-specific information and sending it to server 5 (step 115), and then reading the user label and sending it to server 5 (step 125). This does not limit the invention. Alternatively, terminal 3 may read both the card-specific information and the user label and send the two together to server 5.
As a further possibility, terminal 3 may transmit the user label first and the card-specific information afterwards.
Search unit 32 receives the card-specific information from terminal access unit 31. Based on the received information, search unit 32 searches server label database 20 for the server label corresponding to the user concerned (step 420).
Reconstruction unit 33 receives the user label from terminal access unit 31 and the server label from search unit 32. Reconstruction unit 33 reconstructs the raw data (the password and the card-specific information) from the received user label and server label (step 425).
Verification information generation unit 34 receives the reconstructed password and card-specific information from reconstruction unit 33. Generation unit 34 then searches user information database 19 for the user ID associated with the received password and card-specific information (step 430).
Verification unit 35 receives the verification information (password and user ID) from verification information generation unit 34. Based on the received information, verification unit 35 carries out the verification process on the user (step S435).
If the user is verified successfully, server 5 transmits post-login screen data (that is, the data forming the screen displayed by the browser on terminal 3 after login) to terminal 3 (step 440).
Terminal 3 receives the post-login screen data and lets the browser display the post-login screen using the received data (step 130).
If the user is not verified successfully, server 5 transmits error message screen data to terminal 3.
Although this embodiment has server 5 verify the users, the structure of the server is not limited to this arrangement. Alternatively, a dedicated authentication server may be provided for user verification, so that only users verified by that authentication server can receive service from server 5.
As another possibility, a dedicated server may be provided that obtains the login ID and password from each user's user label and server label. This dedicated server can supply any server at which the user requests login with the information needed for the login process.
Fig. 7 is a block diagram schematically showing the functional structure of registration unit 13.
Registration unit 13 comprises functional units such as terminal access unit 41, received-information processing unit 42, label generation unit 43 and server label storage unit 44.
Terminal access unit 41 (registration information acquiring means, second label information transmitting means) transmits registration screen data to a newly registering user, receives and processes the registration information entered by the user through the registration screen, and transmits the generated user label to terminal 3.
The registration screen, prepared for the user to enter the information needed to receive the login service, includes fields for entering verification information (password, user ID, etc.) and fields for entering the user's personal information (name, age, sex, address, work address, hobbies, etc.). In other words, the registration information includes the verification information.
Besides the information the user enters through the registration screen, the information that terminal access unit 41 receives from terminal 3 at registration also includes card ID 25, read by terminal 3 from IC card 10. If server 5 is arranged to use portable-memory-specific information, terminal access unit 41 also receives the portable-memory-specific information retrieved from portable memory 11.
Received-information processing unit 42 receives the information from terminal access unit 41. Based on the received information, processing unit 42 updates user information database 19 by writing the user information about the newly registering user into the database. At the same time, received-information processing unit 42 sends the password and card-specific information contained in the received information to label generation unit 43.
Label generation unit 43 (label information generating means) transforms the password and card-specific information received from received-information processing unit 42 into a user label and a server label. The user label so generated is transmitted from terminal access unit 41 to terminal 3. In turn, terminal 3 receives the user label and stores it in portable memory 11.
Server label storage unit 44 (associating means, storage means) places the server label in server label database 20.
In addition, server label storage unit 44 associates the server label held in server label database 20 with the card-specific information (the combination of card ID and electronic money ID) stored in user information database 19. This association makes it possible to find the server label matching the corresponding card-specific information.
Fig. 8 is a flowchart of the steps by which the user at terminal 3 registers with service site 17 while registration unit 13 of automatic login system 1 is in operation.
The following steps are carried out by the CPU of terminal 3 and the CPU of server 5 according to suitable programs.
The user at terminal 3 accesses server 5 (step 505). With the home page data supplied from the server, the user clicks a new registration button or performs some other suitable operation, and information indicating that the user wishes to register anew is transmitted to server 5.
Accordingly, terminal access unit 41 in server 5 transmits registration screen data to terminal 3 (step 805).
Terminal 3 receives the registration screen data. The browser uses the received data to let the user enter the required items. The user enters a password, user ID and other relevant information into the displayed registration screen, and the entered information is transmitted to server 5 (step 510). If the user already has a user ID, that ID is entered through the registration screen. If the user has not yet obtained a user ID, the user obtains one by registering. Alternatively, server 5 may automatically set a user ID for the newly registering user.
Server 5 updates user information database 19 with the information received from terminal 3 by means of received-information processing unit 42, thereby storing the new user information (step 810).
Terminal access unit 41 in registration unit 13 transmits the helper program to terminal 3 (step 815). At registration, the helper program enables terminal 3 to read card ID 25 and electronic money ID 26 from IC card 10, transmit the obtained IDs to server 5, and write the user label to portable memory 11. If the helper program is already installed, or the browser has a pre-installed helper program, this step is skipped.
Terminal 3 installs the helper program received from server 5. According to the installed helper program, terminal 3 operates reader/writer 7 to start reading the card-specific information from IC card 10 (step 515).
IC card 10, placed on reader/writer 7, transmits the card-specific information to terminal 3 in a non-contact manner (step 605).
Terminal 3 in turn transmits the card-specific information obtained from IC card 10 to server 5 (step 525).
In server 5, terminal access unit 41 receives the card-specific information (step 820).
Received-information processing unit 42 stores the received information in user information database 19 and associates the user ID with the card-specific information (step 825).
Label generation unit 43 then transforms the password and the card-specific information into a user label and a server label (step 830).
Server label storage unit 44 associates the generated server label with the card-specific information (step 835) and places the server label in server label database 20 (step 840).
Terminal access unit 41 receives the generated user label from label generation unit 43 and transmits the received label to terminal 3 (step 845).
Terminal 3 receives the user label transmitted from terminal access unit 41 (step 530).
Terminal 3 then operates portable memory drive 8 to write the received user label to portable memory 11 (step 535).
Portable memory 11 stores the user label (step 710).
Terminal access unit 41 transmits a registration completion notice to terminal 3 (step 850).
Terminal 3 receives the registration completion notice and has the browser display the received notice (step 540).
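The registration steps above (label generation, step 830 onwards) and the automatic login steps described earlier (steps 410 to 435) can be illustrated with the following added example. It is not the patent's or Sony's code: the patent does not say how the password and card-specific information are transformed into the two labels, so the example assumes a one-time-pad style split (the server label is random, the user label is the raw data XORed with it), which gives the property the text relies on, namely that neither label on its own reveals anything about the verification information. The in-memory dictionaries standing in for user information database 19 and server label database 20, the salted password hash kept in the user record, and the sample card-specific information are all constructed for the example.

```python
"""Two-label split and reconstruction (added example, not the patent's code)."""
import hashlib
import hmac
import json
import secrets

# Constructed stand-ins for user information database 19 and server label
# database 20 (hypothetical in-memory layout, not the patent's schema).
USER_INFO_DB = {}      # user_id -> {"card_info", "salt", "pw_hash"}
SERVER_LABEL_DB = {}   # card-specific information -> server label (bytes)


def _raw_data(password: str, card_info: str) -> bytes:
    """The raw data the labels are derived from: password + card-specific info."""
    return json.dumps({"pw": password, "card": card_info}).encode()


def split_labels(password: str, card_info: str):
    """Label generation unit 43 (step 830): one-time-pad split (assumed scheme).

    The server label is uniformly random and the user label is raw XOR server
    label, so each label on its own is statistically independent of the raw data.
    """
    raw = _raw_data(password, card_info)
    server_label = secrets.token_bytes(len(raw))
    user_label = bytes(a ^ b for a, b in zip(raw, server_label))
    return user_label, server_label


def reconstruct(user_label: bytes, server_label: bytes):
    """Reconstruction unit 33 (step 425): returns (password, card_info) or None."""
    if len(user_label) != len(server_label):
        return None
    raw = bytes(a ^ b for a, b in zip(user_label, server_label))
    try:
        data = json.loads(raw)
        password, card_info = data["pw"], data["card"]
    except (ValueError, KeyError, TypeError):
        return None   # mismatched labels decode to noise; reject, do not guess
    if not isinstance(password, str) or not isinstance(card_info, str):
        return None
    return password, card_info


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def register(user_id: str, password: str, card_info: str) -> bytes:
    """Server side of Fig. 8 steps 810-845; returns the user label that the
    terminal writes to portable memory 11 (step 535)."""
    salt = secrets.token_bytes(16)
    USER_INFO_DB[user_id] = {                              # steps 810/825
        "card_info": card_info,
        "salt": salt,
        "pw_hash": _pw_hash(password, salt),
    }
    user_label, server_label = split_labels(password, card_info)  # step 830
    SERVER_LABEL_DB[card_info] = server_label              # steps 835/840
    return user_label                                      # step 845


def auto_login(card_info: str, user_label: bytes):
    """Server side of steps 410-435; returns the verified user ID or None."""
    server_label = SERVER_LABEL_DB.get(card_info)          # search unit 32, step 420
    if server_label is None:
        return None
    rec = reconstruct(user_label, server_label)            # reconstruction unit 33
    if rec is None:
        return None
    password, rec_card = rec
    if not hmac.compare_digest(rec_card.encode(), card_info.encode()):
        return None   # the label was not issued for the card presented
    # Verification information generation unit 34 (step 430) and verification
    # unit 35 (step 435): find the user tied to this card and check the
    # reconstructed password against the stored hash.
    for user_id, info in USER_INFO_DB.items():
        if info["card_info"] == card_info and hmac.compare_digest(
            info["pw_hash"], _pw_hash(password, info["salt"])
        ):
            return user_id
    return None


if __name__ == "__main__":
    card = "card:0001|emoney:9876"          # constructed card ID + electronic money ID
    label = register("alice", "Tr0ub4dor&3", card)
    print(auto_login(card, label))          # "alice"
    print(auto_login(card, bytes(len(label))))   # None: wrong user label
```

Because the server label is a fresh random pad, a leaked server label database or a stolen portable memory yields only one share, and `reconstruct` returns `None` rather than a plausible password when the two shares do not belong together. Binding the reconstructed card-specific information back to the card actually presented is the check that keeps a user label from being replayed with a different card.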
Fig. 9 is a schematic diagram showing a typical hardware configuration of server 5.
As shown in Fig. 9, server 5 comprises a control unit 51, a communication control unit 52, a display unit 53, an input/output unit 54, a storage unit 55 and a bus 58 that allows data and control signals to be exchanged among these devices.
Control unit 51 is made up of a CPU, ROM (read-only memory) and RAM (random access memory). The CPU performs various calculations, controls the whole of server 5, and communicates over the Internet 2 according to suitable programs. In this embodiment, control unit 51 registers users who request automatic login and, during the login process, automatically verifies users accessing service site 17 according to the automatic login program.
Communication control unit 52 communicates with multiple terminals 3 over the Internet 2. For example, communication with terminals 3 is controlled using a protocol such as TCP/IP (Transmission Control Protocol/Internet Protocol).
Display unit 53 is made up of a CRT (cathode-ray tube) or some other suitable display device and is used, for example, by the server administrator to maintain and manage server 5. Display unit 53 can display lists of the data held in user information database 19 and server label database 20.
Input/output unit 54 is made up of, for example, input devices such as a keyboard and mouse, a storage medium drive for driving removable storage devices, and a printing device such as a printer. Input/output unit 54 can thus be operated to let server 5 accept commands and data and to output data.
Storage unit 55 is made up of a readable and writable storage device such as a large-capacity hard disk drive.
In addition to user information database 19 and server label database 20, storage unit 55 holds automatic login program 56.
Automatic login program 56 is a program that causes control unit 51 to carry out the automatic login function.
When control unit 51 reads and executes automatic login program 56, registration unit 13 and automatic login unit 15 are realized in software.
Although not shown, storage unit 55 holds an OS (operating system) that lets control unit 51 perform basic functions such as file input and output. Storage unit 55 also holds the programs and data needed to run service site 17.
Fig. 10 is a schematic diagram showing a typical hardware configuration of terminal 3.
In this embodiment, terminal 3 is constituted by a personal computer. Terminal 3 has a control unit 61 connected through a bus 72 to a keyboard 65, a mouse 66, a display unit 67, a printer 68, a communication control unit 69, an input/output interface 73, reader/writer 7, portable memory drive 8, a storage medium drive 71 and a storage unit 75.
Control unit 61 is made up of CPU 62, ROM 63 and RAM 64.
Control unit 61 operates according to programs such as OS program 76 and browser program 77 to perform various functions: maintaining communication with server 5; letting the user register for the automatic login function of server 5; if the user is registered, letting the user log in automatically to service site 17 on the server; letting the user use service site 17; and controlling the whole of terminal 3.
CPU 62 is the core of control unit 61. CPU 62 controls control unit 61 according to programs loaded from ROM 63, from storage unit 75, or from a medium driven by storage medium drive 71. As described later, when operating according to helper program 78, CPU 62 also performs the following functions: transmitting the card-specific information (as identifying information transmitting means); transmitting the user label (as second label information transmitting means); transmitting registration information (as registration information transmitting means); and storing the user label received from server 5 at registration into storage unit 75 (as second label information storing means).
ROM 63 is a read-only memory holding the programs, data and parameters that CPU 62 needs for its calculation and control operations.
RAM 64 is a random access memory used by CPU 62 as working memory. CPU 62 can write programs and data to RAM 64 and delete from RAM 64 what it has written. In this embodiment, RAM 64 provides an area that lets the user register for automatic login to server 5, an area that lets the user log in automatically to service site 17, and an area that lets the user use service site 17.
Keyboard 65 is made up of various keys: keys for entering kana and alphabetic characters, a numeric keypad for entering digits, function keys, cursor keys and other keys.
Keyboard 65 is used, for example, to enter the user information to be sent to server 5 and to enter commands for operating the programs in use.
Mouse 66 is a pointing device used by the user to click buttons, icons and the like displayed on the GUI (graphical user interface) screen of terminal 3. Operating mouse 66 lets the user enter the information needed to operate terminal 3 as required.
Display unit 67 is, for example, a CRT display, liquid crystal display, plasma display or some other suitable display, and displays information on its screen. Display unit 67 can display the results of input from keyboard 65 and/or mouse 66, the screens supplied by service site 17, and the registration screen for registering the user for the automatic login function of server 5.
Printer 68 is a device for printing program execution results and other information on a print medium such as paper. Printer 68 is, for example, an ink-jet printer, laser printer, thermal transfer printer or dot-matrix printer.
Communication control unit 69 is a device for connecting terminal 3 to the Internet 2 and is made up of a modem, terminal adapter and other devices.
Communication control unit 69 may be arranged to connect to the Internet 2 through a LAN (local area network).
Under the control of CPU 62, communication control unit 69 performs send and receive operations according to a predetermined protocol (for example, TCP/IP).
Storage unit 75 is made up of a readable and writable medium and a drive that reads and writes data on that medium. A hard disk is mainly used as the medium. Alternatively, some other readable and writable medium such as a magneto-optical disk, magnetic disk or semiconductor memory may be used.
Storage unit 75 holds programs such as OS program 76, browser program 77 and helper program 78, as well as data.
OS program 76 is the basic program that lets terminal 3 operate. Among the functions OS program 76 provides is file input and output.
Browser program 77 is a program for accessing the service sites set up by server 5 or other WWW (World Wide Web) servers and causing display unit 67 to display screens according to the screen data sent from the accessed site. Browser program 77 can also play sound and animation from the received data.
Helper program 78 is downloaded from server 5 and installed in terminal 3.
This program may be configured as two separate programs, namely a helper program for new registration and a helper program for automatic login. Program 78 may also be arranged as a single program providing both functions.
Helper program 78 assists browser 77 in carrying out user registration or automatic login. More specifically, helper program 78 reads the card-specific information from IC card 10 for transmission to server 5 when the user registers or logs in automatically, reads the user label from portable memory 11 for transmission to server 5 at automatic login, and writes the user label received from server 5 to portable memory 11 when the user registers.
Storage unit 75 also holds the additional data and programs used to control communication control unit 69 and to operate reader/writer 7 and portable memory drive 8.
Storage medium drive 71 is a drive that reads and writes data on removable storage media other than portable memory 11. The removable storage media handled by drive 71 may include magneto-optical disks, magnetic disks, magnetic tape, punched paper tape and CD-ROM. Note that data can only be read from CD-ROM and from paper tape. Storage medium drive 71 can be used to write backup data to a suitable medium or to install application software from a loaded medium.
Input/output interface 73 is formed, for example, by a serial interface or an interface of some other suitable standard. The functions of terminal 3 can be expanded by attaching external devices conforming to the interface standard in use to input/output interface 73. Attachable external devices include storage units such as hard disk drives, as well as loudspeakers and microphones.
Reader/writer 7 and portable memory drive 8 have already been described and are not described again here.
The automatic login function of server 5 is described next. Server 5 also has a login process function that lets the user log in in the conventional manner (that is, by manually entering verification information and transmitting it to server 5).
When both the IC card and portable memory 11 are found to be set in terminal 3, the user is allowed to log in to server 5 automatically. If IC card 10 and portable memory 11 are found not to be set, the conventional login process must be carried out.
Because server 5 provides both the automatic login function and the conventional login function, it can serve any user regardless of the resources the user has.
The typical screen transitions carried out during the automatic login process and during the conventional login process are described below.
Fig. 11 is a schematic diagram showing the screen transitions on terminal 3 in the automatic login process and in the conventional login process.
The screen transitions during the automatic login process are described first.
The user at terminal 3 enters the URL of service site 17 into the URL field of the browser. This causes server 5 to transmit the home screen data of service site 17 to terminal 3. Using these data, display unit 67 of terminal 3 shows home screen 81 shown in Fig. 11(a).
Home screen 81 shows a login button 85 that can be operated to log in to service site 17.
With IC card 10 and portable memory 11 set in terminal 3, the user clicks login button 85. This click causes terminal 3 to transmit the card-specific information read from IC card 10 and the user label read from portable memory 11 to server 5. In turn, server 5 carries out user verification and the login process before transmitting post-login screen data to terminal 3.
Terminal 3 receives the post-login screen data and accordingly has display unit 67 show post-login screen 83 of Fig. 11(c).
That is, when the automatic login process is carried out, the user only clicks login button 85 on home screen 81. Post-login screen 83 then appears on the display without any further operation by the user.
The screen transitions during the conventional login process are described now. Suppose that IC card 10 and portable memory 11 are not set in terminal 3.
The user first enters the URL of service site 17 through the browser. This causes display unit 67 to show home screen 81 of Fig. 11(a).
The user then clicks login button 85 on home screen 81. The click causes terminal 3 to transmit to server 5 information notifying the server that login button 85 has been clicked. At this point, terminal 3 notifies server 5 that neither portable memory 11 nor IC card 10 is set. From this, server 5 infers that the user wishes to carry out the conventional login process and therefore transmits login screen data to terminal 3.
Using the login screen data, terminal 3 shows login screen 82 shown in Fig. 11(b).
Login screen 82 has a user ID input field 86 and a password input field 87. The user enters the user ID and password into these fields using keyboard 65 or the like, and clicks send button 88. This click causes terminal 3 to transmit the user ID and password entered by the user to server 5.
Server 5 receives the user ID and password from terminal 3 and uses them as the basis for user verification and the login process. After completing the login process, server 5 transmits post-login screen data to terminal 3.
Terminal 3 receives the post-login screen data from server 5 and accordingly has display unit 67 show post-login screen 83 of Fig. 11(c).
In the embodiment described above, the conventional login process is shown being carried out automatically when neither IC card 10 nor the portable memory is found to be set in terminal 3. This does not limit the invention. Alternatively, the conventional login process may be started whenever either IC card 10 or portable memory 11 is found not to be set.
As another alternative embodiment, if neither IC card 10 nor portable memory 11 is found to be set when login button 85 is clicked, the user may be given a choice: the user can be prompted to set IC card 10 and portable memory 11 in order to log in automatically, or asked to proceed with login in the conventional manner.
Other typical screen configurations are described now.
Fig. 12 is a schematic diagram of a typical home page provided by a service site implemented with this embodiment.
As shown, the home page shows three items: "Obtain a new user ID", "Log in by entering ID" and "Log in with card". The user clicks one of these items. The click triggers a jump to the web page corresponding to the item the user selected.
A user who wishes to register anew with the service site, or who wishes to be assigned a new user ID in addition to the one currently held, selects the item "Obtain a new user ID". Selecting this item triggers a jump to the registration screen, through which the user can register anew or have a new user ID set or assigned.
A user who wishes to carry out the conventional login procedure selects the item "Log in by entering ID".
Selecting this item causes a jump to the conventional login screen, through which the user ID and password are entered manually.
A user who wishes to log in using IC card 10 selects the item "Log in with card".
Selecting this item causes a jump to the card login screen shown in Fig. 13.
On the card login screen, the message "Set your card on the card reader" prompts the user to set IC card 10 on reader/writer 7. Reader/writer 7 starts polling for the IC card 10 that has been set.
The card login screen also shows the message "Set your portable memory containing the label on the personal computer", prompting the user to set portable memory 11 in portable memory drive 8.
If portable memory 11 has not yet been initialized (that is, IC card 10 has been associated with the user ID but portable memory 11 has not yet been initialized to hold the label), the user enters the password into the password field. When the portable memory has not yet been initialized, or when the portable memory is not used in the initialization, the login process involving the IC card is assisted by a password entered from outside.
As described, the card login screen lets the user log in automatically using IC card 10 and portable memory 11, or log in semi-automatically by setting IC card 10 and entering the password manually.
If both IC card 10 and portable memory 11 are already set in terminal 3, the card login screen is skipped and automatic login proceeds immediately.
If either IC card 10 or portable memory 11 is set in terminal 3, no message is shown for the device that is already set.
Fig. 14 schematically shows a typical ID association notification screen displayed by the automatic login system while the card-specific information in IC card 10 is being associated with the user ID.
When registration is requested, the automatic login system displays a screen prompting the user to set IC card 10 on reader/writer 7. When the user sets IC card 10, reader/writer 7 reads the card-specific information from the card. The retrieved information is displayed on the ID association notification screen. The card ID is a secret number and is shown on the screen, by way of example, as asterisks (*) so that the user cannot read it.
Clicking a suitable button (not shown) transmits the card-specific information to server 5. This associates the IC card with the user ID.
Fig. 15 schematically shows a typical ID association completion screen, which appears when the association of the card-specific information with the user ID is complete.
This screen shows a message stating that holding IC card 10 over reader/writer 7 replaces entering the user ID. It also shows a message stating that initializing portable memory 11 eliminates the need to enter the password. Although not shown, the ID association completion screen displays a selection key that lets the user decide whether to initialize portable memory 11. If the user decides to initialize portable memory 11, the portable memory initialization screen of Fig. 16 appears.
If the user decides not to initialize portable memory 11, the user holds IC card 10 over reader/writer 7 and enters the password manually in order to log in.
Besides the message prompting the user to set portable memory 11 on reader/writer 7, the portable memory initialization screen shows two fields: a user ID input field, prompting the user to enter the user ID for checking; and a password input field, asking the user to enter the password from which the electronic label will be generated.
The user enters the user ID and password and clicks a send button (not shown). This click transmits the entered information to server 5, whereupon the electronic labels are generated.
Of the electronic labels so generated, the user label is transmitted to terminal 3 and written to portable memory 11. This causes the portable memory initialization completion screen of Fig. 17 to appear. This screen shows two messages. One message says that initialization of the portable memory is complete. The other says that portable memory 11, combined with IC card 10, allows automatic login without manually entering the password.
Automatic login system 1 embodying the present invention as described above provides the following advantages:
(1) Verifying the user with labels has the following effects.
The verification information is transformed into a server label and a user label. If the server label is leaked after server 5 is attacked, or if the user label is stolen after portable memory 11 is stolen, the risk of reconstructing the original verification information from the lost label alone is practically zero. Automatic login system 1 therefore provides very high security.
The unique information held on IC card 10 and associated with the verification information consists of numbers (card ID 25, electronic money ID 26) used to establish and verify the association with the data needed for verification (that is, the server label). Consequently, even if IC card 10 is lost, it cannot be misused by an illegitimate third party.
If the two labels were stored separately on two portable storage media and both media fell into the hands of a dishonest third party, the raw data could be fraudulently reconstructed by combining the two labels obtained from those media. This possibility is excluded in automatic login system 1 of the present invention: because one label is stored in server 5 and the other is stored on a portable storage medium (portable memory 11), obtaining both portable storage media (IC card 10 and portable memory 11) still does not allow a third party to reconstruct the original information.
(2) Carrying out automatic login has the following effects.
The user ID and password need not be entered manually, because the combination of IC card 10 and portable memory 11 used for automatic login lets the user skip this input.
The user need not remember the user ID or password, which is convenient for the user.
Since the password need not be remembered, it can be made quite complex; it can be a complex combination of uppercase letters, lowercase letters and digits to improve security.
(3) Using non-contact IC card 10 as the portable storage medium has the following effects.
IC card 10 is easy to use, because the user only needs to hold it over reader/writer 7.
Because IC card 10 need not make physical contact with reader/writer 7, reader/writer 7 and IC card 10 can be used for a long time while retaining their integrity.
If a contact-type portable storage medium (contact IC card) were used, problems could arise outdoors: dust or rainwater could prevent proper contact between the terminal and the medium. Using non-contact IC card 10 eliminates this possibility.
(First modification)
In the embodiment described above, the password and the card-specific information are transformed into a user tag and a server tag. Alternatively, other resources can be used as the raw data from which the electronic tags are derived.
For example, the user ID, the password, card ID 25, electronic money ID 26 and the portable-memory-specific information can each be used alone, or in combination, as raw data.
In the first modification of this embodiment, the portable-memory-specific information is adopted as the raw data from which the electronic tags are derived. How this modification is implemented is described below with reference to the flowchart of Figure 18.
Of the steps shown in Figure 18, those also included in Figure 8 are given the same step numbers, and only the steps relevant to handling the portable-memory-specific information are described.
Terminal 3 operates portable memory driver 8 to read the portable-memory-specific information from portable memory 11 (step S526).
Portable memory 11 supplies its portable-memory-specific information to terminal 3 (step S705).
Terminal 3 sends the portable-memory-specific information obtained from portable memory 11 to server 5 (step S528). Server 5 receives the portable-memory-specific information sent from terminal 3 (step S903).
In server 5, tag generation unit 43 generates a random number (step S905). The number is generated using a value such as time data as the seed, so that the number produced is effectively unpredictable.
The random number generated by tag generation unit 43 is stored in server tag database 20 as the server tag (step S910).
Using the portable-memory-specific information obtained from terminal 3 and the random number generated in step S905, tag generation unit 43 encrypts the hash of the password obtained from the user (step S915). Terminal access unit 41 sends the encrypted password hash to terminal 3 as the user tag (step S920).
Terminal 3 receives the user tag from server 5 (step S530) and writes the received user tag to portable memory 11 through portable memory driver 8 (step S535).
Portable memory 11 holds the user tag written to it (step S710).
The steps above are carried out in the same way as already described when the portable-memory-specific information is used to generate the electronic tags. Because the portable-memory-specific information is incorporated into the electronic tag, a step can be provided so that, if the tag is copied to another portable memory 11, the user tag placed in that portable memory 11 is rendered invalid.
Such an arrangement involves, for example, having terminal 3 transmit the portable-memory-specific information at automatic login, so that the transmitted information can be checked against the portable-memory-specific information reconstructed from the electronic tag.
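The following is an added example and is not part of the patent text: a runnable Python model of the first-modification flow of Figure 18 (steps S526 to S535 on the terminal side and S903 to S920 on the server side), which also illustrates the general two-tag arrangement summarised among the further embodiments, where neither tag alone reconstructs the raw data. It assumes that the raw data is the password hash concatenated with the portable-memory-specific information, that the encryption of step S915 is an XOR with a keystream derived from the server-side random number by HMAC-SHA256, and that server 5 keeps a salted PBKDF2 verifier per user ID for the login authentication itself; the names AutoLoginServer, keystream, register and auto_login, and the sample card and memory identifiers, are hypothetical. The random number is drawn from a cryptographic generator rather than seeded from time data, because a time-seeded value is predictable.

```python
# Added example, not code from the patent: a runnable model of the first
# modification (Figure 18). Assumptions: the raw data is the password hash
# concatenated with the portable-memory-specific information; "encrypting"
# it with the server-side random number (step S915) is modelled as XOR with
# a keystream derived from that number by HMAC-SHA256; the server keeps a
# salted PBKDF2 verifier per user ID for the login authentication itself.
# All class and function names are hypothetical.
import hashlib
import hmac
import secrets

HASH_LEN = 32  # SHA-256 output: the fixed-length first half of the raw data


def password_hash(password: str) -> bytes:
    """Hash of the password obtained from the user (input to step S915)."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def keystream(server_tag: bytes, length: int) -> bytes:
    """Deterministic keystream from the server tag (counter-mode HMAC-SHA256)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(server_tag, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class AutoLoginServer:
    """Server 5: tag generation unit 43, server tag database 20, user database."""

    def __init__(self):
        self.users = {}        # user_id -> (salt, PBKDF2 verifier of the password hash)
        self.server_tags = {}  # card-specific information -> (user_id, server tag)

    @staticmethod
    def _verifier(pw_hash: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pw_hash, salt, 100_000)

    def add_user(self, user_id: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user_id] = (salt, self._verifier(password_hash(password), salt))

    def register(self, user_id: str, password: str, card_info: bytes, memory_info: bytes) -> bytes:
        """Steps S905 to S920: generate and store the server tag, return the user tag."""
        # Step S905: the random number. The patent seeds it from time data;
        # a CSPRNG is used here because a time-seeded value is guessable.
        server_tag = secrets.token_bytes(32)
        self.server_tags[card_info] = (user_id, server_tag)        # step S910
        raw = password_hash(password) + memory_info                 # raw data of step S915
        return xor_bytes(raw, keystream(server_tag, len(raw)))      # user tag, step S920

    def auto_login(self, card_info: bytes, user_tag: bytes, memory_info: bytes) -> bool:
        """Automatic login: reconstruct the raw data and check both halves."""
        entry = self.server_tags.get(card_info)
        if entry is None:
            return False
        user_id, server_tag = entry
        raw = xor_bytes(user_tag, keystream(server_tag, len(user_tag)))
        pw_hash, bound_memory_info = raw[:HASH_LEN], raw[HASH_LEN:]
        # Binding check of the first modification: a tag copied to another
        # portable memory carries the wrong memory-specific information.
        if not hmac.compare_digest(bound_memory_info, memory_info):
            return False
        salt, verifier = self.users[user_id]
        return hmac.compare_digest(self._verifier(pw_hash, salt), verifier)


def demo() -> tuple:
    """Constructed sample data: one user, one IC card, two portable memories."""
    server = AutoLoginServer()
    server.add_user("alice", "Xq7#pL2m!vR9")
    card_info = b"CARD-0001"       # card-specific information (constructed)
    memory_a = b"MEM-SERIAL-A"     # portable-memory-specific information (constructed)
    memory_b = b"MEM-SERIAL-B"     # a second portable memory (constructed)
    user_tag = server.register("alice", "Xq7#pL2m!vR9", card_info, memory_a)
    genuine = server.auto_login(card_info, user_tag, memory_a)
    copied = server.auto_login(card_info, user_tag, memory_b)        # tag copied to memory B
    forged = server.auto_login(card_info, bytes(len(user_tag)), memory_a)
    return genuine, copied, forged


if __name__ == "__main__":
    print(demo())
```

Running demo() returns (True, False, False): the genuine pair of media logs in, the same user tag presented from a portable memory with different memory-specific information is rejected, and a forged tag fails the verifier. Because each registration draws a fresh server tag, the keystream is never reused across user tags. Note what the model authenticates: whoever presents the card-specific information, the user tag and the matching memory-specific information is logged in; the second modification described next is the variant that additionally requires a manually entered password.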
(Second modification)
The second modification of the above embodiment requires the user to enter the password manually. When this second modification is used, the user enters the password manually while IC card 10 is placed on terminal 3.
For this modification, the card-specific information is also associated with the corresponding user ID in server 5. When the password is entered manually and transmitted, and the card-specific information is sent from IC card 10, this modification authenticates the user with the password and the user ID.
How this second modification of the present invention is implemented is described below with reference to Figure 19.
Terminal 3 first accesses server 5 (step S1105). If the auxiliary program is found not to be installed on terminal 3, server 5 sends the auxiliary program to terminal 3 (step S1203).
With the help of the auxiliary program, terminal 3 starts reading the card-specific information from IC card 10 (step S1110). IC card 10 sends its card-specific information to terminal 3 contactlessly (step S1005). Terminal 3 sends the card-specific information received from IC card 10 to server 5 (step S1115).
Server 5 receives the card-specific information from terminal 3 (step S1205).
Terminal 3 obtains the password entered by the user and sends it to server 5 (step S1120). Server 5 receives the password from terminal 3 (step S1210).
Server 5 searches for the user ID associated with the card-specific information received from terminal 3 (step S1213).
Server 5 then performs login authentication using the retrieved user ID and the password received from terminal 3, before carrying out the login process (step S1215).
After the login process, server 5 sends the post-login screen data to terminal 3 (step S1220).
Terminal 3 receives the post-login screen data and has display unit 67 display the post-login screen accordingly (step S1125).
(Applications)
Other services can be provided by applying automatic login system 1 of this embodiment to the following applications, for example.
(1) Sharing of personal information
Using portable memory 11 makes it possible to share personal information among devices (for example, personal computers and CE devices). More particularly, portable memory 11 allows e-mail text, address book entries, schedules, bookmarks and personal profiles to be shared.
"CE" stands for consumer electronics; CE devices include home AV appliances such as televisions and video recorders, and other household electronic products.
Where URL information is assigned to portable memory 11 as the raw information from which the tag is derived, the PC recognises portable memory 11, and access to the desired web page can begin by holding IC card 10 over the reader/writer.
Where a tag-based authentication system is in place, private data can be accessed only when the user tag and the server tag match. This arrangement guarantees the privacy of the personal information.
(2) Use of media other than IC card 10 and portable memory 11
Other portable storage media (for example, memory in a mobile phone) and/or fixed storage media (for example, a hard disk in a PC) can replace or supplement IC card 10 and portable memory 11 according to the purpose. The choice of usable storage media further improves convenience for the user.
(3) Application to CE devices
In this embodiment of the present invention, terminal 3 is shown implemented by, for example, a personal computer. In another application, automatic login system 1 is particularly effective when used in combination with CE devices (for example, digital cameras and televisions). Because CE devices have relatively limited input interfaces, the authentication technique involving user tag 111 should be effective when applied to CE devices.
(4) Application to membership cards
IC card 10 can be used as a membership card. In that case, no password-based authentication is performed. Instead, the server checks whether the card-specific information in IC card 10 is associated with a user ID previously stored in the server as the member's mark. A matching association of the card-specific information proves that the holder of IC card 10 is a legitimate person.
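The following is an added example and is not part of the patent text: a Python model of server 5 for the second modification (Figure 19, steps S1213 and S1215, card-specific information plus a manually entered password) and for the membership-card use of (4) above, together with the function for dissociating a user ID from its card-specific information that the further modifications below mention. It assumes that passwords are stored as salted PBKDF2 verifiers and that an unknown card costs the same work as a wrong password, so that response timing does not disclose which cards are registered; the names CardLoginServer, login_with_password, is_member and revoke_card, and the sample card identifiers, are hypothetical.

```python
# Added example, not code from the patent: a model of the second modification
# (Figure 19) and of the membership-card use. Assumptions: passwords are held
# as salted PBKDF2 verifiers; an unknown card is charged the same PBKDF2 cost
# as a known one. Step numbers in comments refer to Figure 19. All names are
# hypothetical.
import hashlib
import hmac
import secrets


class CardLoginServer:
    """Server 5 holding the card-specific information -> user ID association."""

    def __init__(self):
        self.users = {}          # user_id -> (salt, PBKDF2 verifier)
        self.card_to_user = {}   # card-specific information -> user_id

    @staticmethod
    def _verifier(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def register(self, user_id: str, password: str, card_info: bytes) -> None:
        salt = secrets.token_bytes(16)
        self.users[user_id] = (salt, self._verifier(password, salt))
        self.card_to_user[card_info] = user_id

    def login_with_password(self, card_info: bytes, password: str):
        """Steps S1213 and S1215: look up the user ID for the card, then check
        the password. Returns the user ID on success and None on failure."""
        user_id = self.card_to_user.get(card_info)              # step S1213
        if user_id is None:
            # Same PBKDF2 cost as a real check, so an unknown card is not
            # distinguishable from a wrong password by response time.
            self._verifier(password, b"\x00" * 16)
            return None
        salt, verifier = self.users[user_id]
        if hmac.compare_digest(self._verifier(password, salt), verifier):  # step S1215
            return user_id
        return None

    def is_member(self, card_info: bytes) -> bool:
        """Membership-card use: no password; only the stored association counts."""
        return card_info in self.card_to_user

    def revoke_card(self, card_info: bytes) -> None:
        """Dissociate a card from its user ID, e.g. when the card is reported lost."""
        self.card_to_user.pop(card_info, None)


def demo() -> dict:
    """Constructed sample data: one registered user and card."""
    server = CardLoginServer()
    server.register("bob", "correct horse battery staple", b"CARD-0002")
    results = {
        "good": server.login_with_password(b"CARD-0002", "correct horse battery staple"),
        "wrong_password": server.login_with_password(b"CARD-0002", "wrong"),
        "unknown_card": server.login_with_password(b"CARD-9999", "correct horse battery staple"),
        "member": server.is_member(b"CARD-0002"),
        "not_member": server.is_member(b"CARD-9999"),
    }
    server.revoke_card(b"CARD-0002")
    results["after_revoke"] = server.is_member(b"CARD-0002")
    return results


if __name__ == "__main__":
    print(demo())
```

In the membership-card mode the card-specific information is the only factor checked, so the security of that mode rests entirely on the card not being clonable and on prompt revocation of lost cards; the password path of the second modification adds a second factor on top of the same association.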
Although one embodiment of the present invention and its modifications have been described above, they are examples and do not limit the invention. Other modifications and possibilities can be implemented without departing from the spirit or scope of the present invention.
For example, although automatic login system 1 above uses IC card 10 and portable memory 11, this does not mean that the portable storage media are limited to IC card 10 and portable memory 11. Alternatively, floppy disks, magneto-optical disks and other manually loaded media can be adopted.
Although a personal computer equipped with a browser is shown used as terminal 3, this does not limit the invention. Alternatively, a digital television or any other suitable home digital device can be adopted, as long as it can connect to the network.
Server 5 can be provided with a function for dissociating a given user ID from the corresponding card-specific information.
The system of the present invention should be able to issue electronic tags repeatedly, so that each user's password can be changed when necessary.
Alternatively, the present invention can also be implemented in scheme (1) or (2) below.
(1) As another modification of the present invention, an authentication processing terminal can be provided which comprises: user registration means for registering a user identification number and a password for identifying the user; secret number registration means for registering secret identification information (card ID 25) to be associated with the server tag, one of the generated tags, which is held by the server (server 5); tag receiving means for receiving from the server the user tag, the other generated tag, which is to be held by the user; and recording means for recording the user tag received by the tag receiving means on a medium (portable memory 11); wherein these tags are generated from the password.
Alternatively, these tags can be generated from the password and the secret identification number.
As a further possibility, the authentication processing terminal of the present invention can also comprise medium registration means for registering identification information about the medium on which the user tag is to be recorded, this medium identification information certifying that the user tag is recorded on the medium registered by the medium registration means.
(2) As another modification of the present invention, an information processing apparatus can be provided for obtaining authentication information from a user tag and a server tag derived from a password corresponding to an identification number held by the user and from secret identification information (card ID 25) stored in a medium (IC card 10), the user tag and the server tag being stored respectively in another medium (portable memory 11) and in the server (server 5). The information processing apparatus comprises: tag transmission means for transmitting the user tag obtained from the medium to the server; and secret number transmission means for transmitting the secret identification information obtained from the medium to the server. The authentication information is reconstructed from the server tag stored in the server and from the tag transmitted by the tag transmission means.
In the structure above, at least part of the authentication information is divided into two tags, one stored in the server and the other on an external storage medium. Either tag taken on its own is entirely meaningless. At authentication, the external memory holding one tag is used in combination with the contactless IC card holding the number associated with the other tag kept in the server. This arrangement makes automatic login possible without manual entry of an ID and password. In that respect, the system of the present invention offers the user both security and convenience. Because the number held by the contactless IC card is kept secret, the security procedure is further improved.
As described above, the present invention provides an authentication system made up of a terminal and an authentication server. The terminal obtains from a first portable storage medium identification information for identifying first tag information, and obtains second tag information from a second portable storage medium. The authentication server obtains the identification information and the second tag information from the terminal in order to carry out the authentication process. On login to a service site, the terminal sends the obtained identification information and second tag information to the authentication server. The authentication server retrieves the first tag information using the identification information received from the terminal, and obtains authentication information using the retrieved first tag information and the second tag information obtained from the terminal. Where the user is authenticated successfully on the basis of the obtained authentication information, the authentication server carries out the login process to allow access to the service site.
The embodiment of the invention also provides an authentication server connected to a terminal which obtains from a first portable storage medium identification information for identifying first tag information, and obtains second tag information from a second portable storage medium. The authentication server obtains the identification information and the second tag information from the terminal in order to carry out the authentication process. The authentication server comprises: identification information acquisition means for obtaining the identification information from the terminal; first tag information retrieval means for retrieving the first tag information using the obtained identification information; second tag information acquisition means for obtaining the second tag information from the terminal; authentication information acquisition means for obtaining authentication information using the retrieved first tag information and the obtained second tag information; and authentication means for carrying out the authentication process using the obtained authentication information (the authentication server of the first scheme).
Preferably, the authentication server above can also comprise login means for carrying out the login process, where the user is authenticated successfully by the authentication means, so that the terminal can access the service site.
The first tag information and the second tag information handled by the authentication server above can be two electronic tags generated by dividing, with suitable logic, raw data made up of at least part of the authentication information, in such a way that neither electronic tag alone is sufficient to reconstruct the raw data.
Where such electronic tags are used, the authentication information acquisition means above can be arranged to reconstruct the raw data using the first tag information and the second tag information.
Preferably, the authentication server of the first scheme above can also comprise: registration information acquisition means for obtaining registration information including authentication information from the terminal; tag information generation means for generating first and second tag information in such a way that the authentication information included in the obtained registration information is identified using the first and second tag information; association means for obtaining from the terminal the identification information used for retrieving the generated first tag information, so as to associate the first tag information with the obtained identification information; storage means for storing the associated first tag information; and second tag information transmission means for transmitting the generated second tag information to the terminal. Users who wish to log in automatically can thereby be registered.
The tag information generation means above can be arranged to generate the first and second tag information by dividing, with suitable logic, raw data made up of at least part of the authentication information, in such a way that neither electronic tag alone is sufficient to reconstruct the raw data.
The embodiment of the invention also provides an authentication server connected to a terminal which obtains from a first portable storage medium identification information for identifying first tag information, and obtains second tag information from a second portable storage medium. The authentication server obtains the identification information and the second tag information from the terminal in order to carry out the authentication process. The authentication server comprises: registration information acquisition means for obtaining registration information including authentication information from the terminal; tag information generation means for generating first and second tag information in such a way that the authentication information included in the obtained registration information is identified using the first and second tag information; association means for obtaining from the terminal the identification information used for retrieving the generated first tag information, so as to associate the first tag information with the obtained identification information; storage means for storing the associated first tag information; and second tag information transmission means for transmitting the generated second tag information to the terminal (the authentication server of the second scheme).
The tag information generation means above can be arranged to generate the first and second tag information by dividing, with suitable logic, raw data made up of at least part of the authentication information included in the obtained registration information, in such a way that neither electronic tag alone is sufficient to reconstruct the raw data.
The embodiment of the invention also provides a terminal for transmitting identification information for identifying first tag information, and second tag information, to the authentication server of the first scheme (the terminal of the first scheme).
The terminal above can also comprise: identification information transmission means for obtaining the identification information from the first portable storage medium, which stores the identification information, and transmitting the obtained identification information to the authentication server; and second tag information transmission means for obtaining the second tag information from the second portable storage medium and transmitting the obtained second tag information to the authentication server.
For the terminal of the first scheme, at least one of the first and second portable storage media can be a contactless or contact IC card.
At least part of the authentication information above can be held securely in the IC card.
The embodiment of the invention also provides a terminal for transmitting registration information and identification information to the authentication server of the second scheme (the terminal of the second scheme).
The terminal above can preferably comprise: registration information transmission means for obtaining authentication information and transmitting registration information including the obtained authentication information to the authentication server; identification information transmission means for obtaining identification information from the first portable storage medium and transmitting the obtained identification information to the authentication server; and second tag information storage means for receiving second tag information from the authentication server and storing the received second tag information on the second portable storage medium.
At least one of the first and second portable storage media can be a contactless or contact IC card.
The embodiment of the invention also provides a portable storage medium for use by the terminal of the first scheme, the portable storage medium holding the second tag information in a form readable by the terminal.
The embodiment of the invention also provides an authentication method for use with a terminal which obtains from a first portable storage medium identification information for identifying first tag information, and obtains second tag information from a second portable storage medium. The authentication method comprises the step of obtaining the identification information and the second tag information from the terminal in order to carry out the authentication process.
The method above can be used in combination with a computer made up of identification information acquisition means, first tag information retrieval means, second tag information acquisition means, authentication information acquisition means and authentication means. The authentication method causes the computer to carry out the following steps: causing the identification information acquisition means to obtain identification information from the terminal; causing the first tag information retrieval means to retrieve first tag information using the obtained identification information; causing the second tag information acquisition means to obtain second tag information from the terminal; causing the authentication information acquisition means to obtain authentication information using the retrieved first tag information and the obtained second tag information; and causing the authentication means to carry out the authentication process using the obtained authentication information (the first authentication method).
The authentication method above can also comprise the step of causing the authentication means of the computer above to carry out the login process, provided that the authentication process has completed successfully, so that the terminal can log in to the desired site.
For the first authentication method above, the first and second tag information can consist of two electronic tags generated by dividing, with suitable logic, raw data made up of at least part of the authentication information, in such a way that neither the first nor the second tag information alone is sufficient to reconstruct the raw data.
Where such electronic tags are used, the authentication information acquisition step above can be arranged to reconstruct the raw data using the first and second tag information.
Preferably, the first authentication method can be used in combination with a computer made up of registration information acquisition means, tag information generation means, association means, storage means and second tag information transmission means. The first authentication method causes the computer to carry out the following steps: causing the registration information acquisition means to obtain registration information including authentication information from the terminal; causing the tag information generation means to generate first and second tag information in such a way that the authentication information included in the obtained registration information is identified using the first and second tag information; causing the association means to obtain from the terminal the identification information used for retrieving the generated first tag information, so as to associate the first tag information with the obtained identification information; causing the storage means to store the associated first tag information; and causing the second tag information transmission means to transmit the generated second tag information to the terminal.
The tag information generation step above can be arranged to generate the first and second tag information by dividing, with suitable logic, raw data made up of at least part of the authentication information included in the obtained registration information, in such a way that neither electronic tag alone is sufficient to reconstruct the raw data.
The embodiment of the invention also provides an authentication information registration method used in combination with the authentication method for a terminal which obtains from a first portable storage medium identification information for identifying first tag information, and obtains second tag information from a second portable storage medium, the authentication method comprising the step of obtaining the identification information and the second tag information from the terminal in order to carry out the authentication process. The authentication information registration method is for use by a computer comprising registration information acquisition means, tag information generation means, association means, storage means and second tag information transmission means, and causes the computer to carry out the following steps: causing the registration information acquisition means to obtain registration information including authentication information from the terminal; causing the tag information generation means to generate first and second tag information in such a way that the authentication information included in the obtained registration information is identified using the first and second tag information; causing the association means to obtain from the terminal the identification information used for retrieving the generated first tag information, so as to associate the first tag information with the obtained identification information; causing the storage means to store the associated first tag information; and causing the second tag information transmission means to transmit the generated second tag information to the terminal (the first authentication information registration method).
Above label information produce step and can be arranged through the raw data that a kind of like this mode that all is not enough to rebuild this raw data according in first and second electronic tags any uses the part authorization information in the log-on message that suitable logical division obtains by being included at least to constitute and produce first and second label informations.
In the embodiment of this invention, also provide a kind of information transferring method, be used for and be used for discerning the identifying information of first label information and the authentication server that second label information sends first scheme to for terminal use.This terminal comprises the identifying information conveyer and the second label information conveyer.This information transferring method makes terminal carry out following steps: make the identifying information conveyer obtain identifying information from first portable storage media that stores identifying information, so that send the identifying information that is obtained to authentication server; And make the second label information conveyer from second portable storage media, obtain second label information so that send second label information that is obtained to authentication server (first information transfer approach).
For top information transferring method, at least one in first and second portable storage medias can be contactless or Contact Type Ic Card.
Using under the situation of this IC-card, above at least a portion of authorization information can kept secure in IC-card.
In the embodiment of this invention, also provide a kind of information of using for a terminal to transmit and method of reseptance, this terminal sends log-on message and identifying information to the authentication server of alternative plan.
The information that is used in combination with the terminal that is made of log-on message conveyer, identifying information conveyer and the second label information memory storage transmits method of reseptance preferably can make terminal carry out following steps: make the log-on message conveyer obtain authorization information and send authentication server to so that will comprise the log-on message of the authorization information of being obtained; Make the identifying information conveyer from first portable storage media, obtain identifying information so that send the identifying information that is obtained to authentication server; And make the second label information memory storage from authentication server, receive second label information so that the second received label information is stored in second portable storage media.
In first and second portable storage medias at least one can be contactless or Contact Type Ic Card.
In the embodiment of this invention, a kind of proving program for the computing machine use that is connected with a terminal also is provided, and this terminal is obtained from first portable storage media and is used for discerning the identifying information of first label information and obtains second label information from second portable storage media.This computing machine obtains identifying information and second label information so that carry out proof procedure from terminal.
This proving program makes computing machine carry out following function: identifying information obtains function, obtains identifying information from terminal; The first label information function of search uses the identifying information that is obtained to retrieve first label information; Second label information obtains function, obtains second label information from terminal; Authorization information is obtained function, uses first label information that is retrieved and second label information that is obtained to obtain authorization information; And authentication function, use the authorization information of being obtained to carry out proof procedure (proving program of first scheme).
In the embodiment of this invention, a kind of proving program for the computing machine use that is connected with a terminal also is provided, and this terminal is obtained from first portable storage media and is used for discerning the identifying information of first label information and obtains second label information from second portable storage media.This computing machine obtains identifying information and second label information so that carry out proof procedure from terminal.
Top proving program makes computing machine carry out following function: log-on message obtains function, obtains the log-on message that comprises authorization information from terminal; Label information produces function, produce first and second label informations according to a kind of like this mode, thereby the authorization information that is included in the log-on message that is obtained will use first and second label informations to discern; Correlation function obtains the identifying information that is used for retrieving first label information that is produced so that first label information is associated with the identifying information that is obtained from terminal; Memory function is used to store the first relevant label information; And the second label information transmitting function, send second label information that is produced to terminal (proving program of alternative plan).
In an embodiment of the invention, there is also provided an information transmission program for use by a computer connected to a terminal, the terminal transmitting identifying information for identifying first tag information, together with second tag information, to the authentication server of the first scheme. The information transmission program causes the computer to perform the following functions: an identifying information transmitting function that acquires identifying information from a first portable storage medium storing the identifying information and transmits the acquired identifying information to the authentication server; and a second tag information transmitting function that acquires second tag information from a second portable storage medium and transmits the acquired second tag information to the authentication server.
In an embodiment of the invention, there is also provided an information transmission and reception program for use by a computer connected to a terminal, the terminal transmitting registration information and identifying information to the authentication server of the second scheme. The information transmission and reception program causes the computer to perform the following functions: a registration information transmitting function that acquires authentication information and transmits registration information containing the acquired authentication information to the authentication server; an identifying information transmitting function that acquires identifying information from a first portable storage medium and transmits the acquired identifying information to the authentication server; and a second tag information storing function that receives second tag information from the authentication server and stores the received second tag information into a second portable storage medium.
In an embodiment of the invention, there is also provided a medium that stores the authentication program of the first scheme in a computer-readable manner.
In an embodiment of the invention, there is also provided a medium that stores the authentication program of the second scheme in a computer-readable manner.
In an embodiment of the invention, there is also provided a medium that stores the information transmission program in a computer-readable manner.
In an embodiment of the invention, there is also provided a medium that stores the information transmission and reception program in a computer-readable manner.
In an embodiment of the invention, there is also provided an information processing apparatus for performing an authentication process based on identifying information stored in a first medium, which identifies first tag information stored in a server, and on second tag information stored in a second medium. The information processing apparatus comprises: storage means for storing the identifying information and the first tag information in association with each other; receiving means for receiving the identifying information retrieved from the first medium and the second tag information from the second medium; retrieval means for retrieving from the storage means the first tag information associated with the identifying information received by the receiving means; and authentication information acquiring means for acquiring authentication information using the first tag information retrieved by the retrieval means and the second tag information received by the receiving means (the information processing apparatus of the first scheme).
In the information processing apparatus of the first scheme, the identifying information is preferably a medium identification number for identifying the first medium.
In the information processing apparatus of the first scheme, the identifying information may be a user identification number for identifying the user requesting authentication.
In the information processing apparatus of the first scheme, the first medium may be a contactless or contact card. The card may be an IC card.
The information processing apparatus of the first scheme may further comprise verification means for performing the authentication process based on the authentication information acquired by the authentication information acquiring means.
In an embodiment of the invention, there is also provided an information processing method for performing an authentication process based on identifying information stored in a first medium, which identifies first tag information stored in a server, and on second tag information stored in a second medium. The information processing method is used with a computer comprising storage means, receiving means and authentication information acquiring means. The information processing method comprises the steps of: causing the storage means to store the identifying information and the first tag information in association with each other; causing the receiving means to receive the identifying information retrieved from the first medium and the second tag information from the second medium; causing retrieval means to retrieve from the storage means the first tag information associated with the identifying information received by the receiving means; and causing the authentication information acquiring means to acquire authentication information using the first tag information retrieved by the retrieval means and the second tag information received by the receiving means.
In an embodiment of the invention, there is also provided an information processing apparatus for performing an authentication process based on identifying information stored in a first medium, which identifies first tag information stored in a server, and on second tag information stored in a second medium. The information processing apparatus comprises: storage means for storing the identifying information and the first tag information in association with each other; receiving means for receiving the identifying information from the first medium or the second tag information; retrieval means for retrieving from the storage means the first tag information associated with the identifying information received by the receiving means; and authentication information acquiring means for acquiring authentication information based on the first tag information and the second tag information retrieved by the retrieval means (the information processing apparatus of the second scheme).
(Second embodiment)
A second preferred embodiment of the invention will now be described in detail with reference to the accompanying drawings.
(1) Overview of the second embodiment
Figure 20 is a conceptual diagram showing an automatic login system implemented as the second embodiment of the invention. When performing an automatic login process, the automatic login system 100 lets the user request authentication using the card-specific information 101 held in an IC card 10 and the password information 102 held in a portable memory 11.
The server 100 performs the authentication process by acquiring a user ID and a password from the card-specific information 101 and the password information 102 respectively. In this case, the card-specific information 101 and password information 102 constitute authentication request information, and the user ID and password constitute authentication information.
The server 110 includes an authentication information database 120 from which the authentication information stored in it is retrieved. The authentication information database 120 has the logical structure shown in Figure 22B. In this structure, the card-specific information 101 is associated with the portable memory ID 103, the password information 102 and the user ID 106. The password information 102 is further associated with the password 105.
When requesting authentication from the server 110, the user sets the IC card 10 and the portable memory 11 in the terminal 3, which transmits the card-specific information 101, password information 102 and portable memory ID 103 read from the media to the server 110.
The server 110 receives the transmitted information and ID and checks whether the received password information 102 and portable memory ID 103 are associated with each other in the authentication information database 120. The server 110 thereby also checks that the password information was retrieved from the portable memory registered in the authentication information database 120.
Through the authentication information database 120, the server 110 acquires the password 105 from the combination of the password information 102 and the card-specific information 101, and acquires the user ID 106 from the card-specific information 101.
When the user ID 106 is likewise acquired from the combination of the password information 102 and the card-specific information 101 as described, the server 110 can confirm that the IC card 10 used by the user is recorded in the authentication information database 120. The server 110 can also check whether the combination of IC card 10 and portable memory 11 is consistent with the one previously recorded in the authentication information database 120.
Although the second embodiment above shows the password 105 being acquired from the combination of the received password information 102 and the card-specific information 101, the invention is not limited thereto. Alternatively, the password 105 may be acquired from the password information 102 alone.
The server 110 performs the authentication process based on the user ID 106 and password 105 thus acquired.
If the user is successfully authenticated, the server 110 allows the user to log in. If the user authentication fails, the server 110 refuses the user's login.
The password information 102 is information related to the password 105. The password information 102 constitutes a so-called one-time password, that is, a password that is generated for each authentication and discarded once used.
After the authentication process, the server 110 generates new password information 102 and transmits it to the terminal 3. The terminal 3 receives the password information 102 and writes it to the portable memory 11.
The password information 102 written to the portable memory 11 is used in the next authentication process.
(2) Details of the second embodiment
Figure 21 is a schematic diagram showing a typical network structure of the automatic login system 100 implemented as the second embodiment of the invention.
The network structure of the automatic login system 100 is the same as that of the automatic login system 1 described above. The system 100 comprises a server 110 hosting a service site, a terminal 3 that uses the service site, and the Internet 2 connecting the terminal 3 with the server 110.
In the following description, those devices of the second embodiment that are identical to the corresponding devices in the embodiment described above are denoted by the same reference numerals, and their description is simplified or omitted.
The terminal 3, reader/writer 7, portable memory drive 8 and IC card 10 are structurally the same as those in the embodiment described above.
The terminal 3 reads and writes data with respect to the IC card 10 in a contactless manner through the reader/writer 7. The terminal 3 also reads and writes data with respect to the portable memory 11 by having the portable memory drive 8 drive the portable memory 11 mounted in it.
The IC card 10 (Figure 20) holds card-specific information 101, that is, information specific to this IC card (information that distinguishes this IC card from other IC cards).
A card ID, an electronic money ID that gives the IC card 10 an electronic money function, or some other suitable ID information may each be used alone as the card-specific information 101, or they may be used in a suitable combination (for example, card ID and electronic money ID).
Although not shown, the IC card 10 may also hold other card information. This information can be checked by the server 101 in combination with the card-specific information 101, further improving the security level.
The IC card 10 constitutes the first medium. The card-specific information 101 constitutes first identifying information for identifying the first medium.
The portable memory 11 holds password information 102 and a portable memory ID 103. The password information 102 is issued by the server 110, and the portable memory ID 103 is ID information specific to this portable memory 11 (Figure 20).
As described later, the portable memory 11 can preferably store a plurality of items of password information 102 for use in a plurality of configurations.
The portable memory 11 constitutes the second medium. The password information 102 constitutes tag information associated with the authentication information. The portable memory ID 103 constitutes second identifying information for identifying the second medium.
When the IC card 10 and the portable memory 11 are set in the reader/writer 7 (Figure 21) and the portable memory drive 8 respectively, the terminal 3 reads the card-specific information 101 from the IC card 10 and reads the password information 102 and portable memory ID 103 from the portable memory 11. The information and ID thus obtained are transmitted from the terminal 3 to the server 110.
The portable memory ID 103 is needed to confirm that the portable memory 11 is registered in the server 110 as legitimately belonging to this user. The request for user authentication is made using the card-specific information 101 and the password information 102.
Thus, the user can request user authentication simply by setting the IC card 10 and the portable memory 11 in the terminal 3. The user can log in to the server 110 in this way without entering a user ID or password through an input screen.
The server 110 comprises functional units such as a registration unit 13a, an automatic login unit 15a and a service site 17a, and includes an authentication information database 120.
The server 110 can serve as an authentication server that performs the authentication process. Although the second embodiment of the invention lets the server 110 both perform the authentication process and provide the service to the user, the system may also be constituted by two separate servers, namely an authentication server for performing the authentication process and a service server for providing the service to the user. In this configuration, the service server provides the service only to users who have been authenticated by the authentication server.
The automatic login unit 15a performs the authentication process using the card-specific information 101 and password information 102 sent from the terminal 3. When the user is successfully authenticated, the automatic login unit 11a allows the user to log in.
As described in more detail later, the automatic login unit 15a retrieves the user ID and password from the authentication information database 120 using the card-specific information 101 and the password information 102. The authentication information obtained by this retrieval is used to authenticate the user.
The registration unit 13a lets a new user register to use the service site 17a. The automatic login unit 15a performs the authentication process for each user newly registered through the registration unit 13a.
The authentication information database 120 is a database that stores, for retrieval, information such as authentication information and user information (the user's personal information). The authentication information database 120 is described in more detail below.
Figure 22A is a block diagram schematically showing the functional structure of the automatic login unit 15a.
The automatic login unit 15a comprises a terminal access unit 131, a password information check unit 132, an authentication information retrieval unit 133, an authentication unit 134 and a password information generation unit 135.
The terminal access unit 131 exchanges data with the terminal 3.
More specifically, the terminal access unit 131 transmits login screen data to the accessing terminal 3; receives the card-specific information 101, password information 102 and portable memory ID 103 sent from the terminal 3 in response to the login screen data; and transmits the password information generated by the password information generation unit 135 to the terminal 3.
The terminal access unit 131 constitutes the medium information receiving means of this embodiment.
Preferably, the terminal access unit 131 can be arranged to check whether the card-specific information 101, password information 102 and portable memory ID 103 were sent from the same terminal 3.
In this case, the automatic login unit 15a can also be arranged to refuse the authentication if it finds that these items of information were sent from different terminals 3. This provides an additional security measure.
The password information check unit 132 receives the password information 102 and portable memory ID 103 from the terminal access unit 131 and checks whether the password information 102 was retrieved from the portable memory 11 registered in the authentication information database 120 as legitimately belonging to the user. This check prevents the password information 102 from being copied from this portable memory 11 to another portable memory for fraudulent use. This also provides an additional security measure.
The password information check unit 132 may also acquire the card-specific information 101 from the terminal access unit 131 to determine whether the IC card 10 used by the user is properly registered in the authentication information database 120 as belonging to the user. The password information check unit 132 may further check whether the combination of password information 102 and portable memory ID 103 with the card-specific information 101, or the combination of password information 102 and portable memory ID 103, is identical with the registered combination.
In this second embodiment, these checks are performed simultaneously with the retrieval of authentication information by the authentication information retrieval unit 133.
A typical structure of the authentication information database 120 is described below.
Figure 22B is a schematic diagram showing the logical relations between the items of user authentication information stored in the authentication information database 120.
The authentication information database 120 stores, for each user, the card-specific information 101, password information 102, portable memory ID 103, password 105 and user ID 105 associated with one another.
As shown, the card-specific information 101 is associated with the password information 102, the portable memory ID 103 and the user ID 106. The password information 102 is also associated with the password 105.
By associating the card-specific information 101 and the portable memory ID 103 stored in the authentication information database 120 with each other, the server 110 can register in advance the combination of IC card 10 and portable memory 11 used by the user.
Through these associations, the card-specific information 101 and the password information 102 identify the user ID 106 and the password 105 respectively. The user ID 106 and password 105 thus identified are used to perform the authentication process.
In the above case, the user ID 106 constitutes first authentication information associated with the first identifying information (that is, the card-specific information 101), and the password 105 constitutes second authentication information associated with the tag information (the password information 102).
The password information 102 serves as a one-time password. That is, a new one is generated for each authentication process performed.
Discarding the password information 102 once it has been used in a given authentication process provides an additional security measure. Even if the portable memory 11 is illegitimately obtained by a third party, that third party cannot learn the password 105.
The associations shown in Figure 22B do not limit how the card-specific information 101, password information 102, portable memory ID 103, password 105 and user ID 106 may be related to one another. Other suitable relations may be established and adopted, as long as they allow any one item of information to be used as an index pointing to another.
The card-specific information 101 need not be associated with the password information 102. The authentication process can still be performed where the user ID 106 is derived from the card-specific information 101 and the password 105 is derived from the password information 102.
Although not shown, the authentication information database 120 also holds the users' personal information (for example, each user's name, age, sex, address, work address and hobbies).
Returning to Figure 22A, the password information check unit 132 retrieves from the authentication information database 120 the password information 102 and portable memory ID 103 received from the terminal access unit 131, in order to check whether the same password information 102 and portable memory ID 103 are registered in the database 120 (in the authentication information database 120, the password information 102 is related to the portable memory ID 103 through the card-specific information 101).
The result of the above check is passed to the authentication information retrieval unit 133.
The authentication information retrieval unit 133 receives the check result from the password information check unit 132.
If the check result establishes that the combination of password information 102 and portable memory ID 103 is registered in the authentication information database 120, the authentication information is retrieved. If the check result cannot confirm that the combination of password information 102 and portable memory ID 103 is registered in the authentication information database 120, the automatic login unit 15a stops the authentication process and no authentication information is retrieved.
If the password information check unit 132 checks whether the IC card 10, or the combination of IC card 10 and portable memory 11, is registered and the check confirms the registration, the authentication information retrieval unit 133 retrieves the authentication information. If the above check does not confirm the registration, the automatic login unit 15a stops the authentication process.
When retrieving the authentication information, the authentication information retrieval unit 133 acquires the card-specific information 101 and password information 102 from the terminal access unit 131. Using the combination of the acquired information, the authentication information retrieval unit 133 retrieves the user ID 106 and password 105 from the authentication information database 120. The user ID 106 and password 105 obtained by the retrieval are forwarded to the authentication unit 134.
If the combination of card-specific information and password information is not found among the combinations of information registered in the authentication information database 120, no authentication information is retrieved.
For example, if the password information 102 is genuine but the card-specific information combined with it differs from the legitimate card-specific information 101, the password 105 cannot be retrieved.
As described, when the combination of card-specific information 101 and password information 102 is used to retrieve the password 105 and user ID 106, it can be checked whether the IC card 10 and portable memory 11 used by the user are precisely those registered in the authentication information database 120. It can also be checked whether the IC card used by the user is the legitimate IC card 10.
The authentication unit 134 acquires the authentication information (user ID 106 and password 105) from the authentication information retrieval unit 133 and authenticates the user using the acquired information.
Although not shown, the server 110 has a database that stores, for each user, the user ID and password used in the authentication process in association with each other. The authentication unit 134 performs the authentication process by checking the user ID 106 and password 105 acquired by the authentication information retrieval unit 133 against the user ID and password held in that database.
When the user is successfully authenticated, the authentication unit 134 allows the user to log in to the service site. If the user is not authenticated, the authentication unit 134 refuses the login and sends an error message to the terminal 3.
When the authentication unit 134 has finished authenticating the user, the password information generation unit 135 generates new password information 102 and transmits it to the terminal 3 through the terminal access unit 131. At the same time, the password information generation unit 135 replaces the one-time password information 102 held in the authentication information database 120 with the new password information 102.
The automatic login unit 15a accepts the user authentication request for the next authentication process using the new password information 102.
As described, the password information generation unit 135 and the terminal access unit 131 constitute tag information transmitting means, which generates tag information (the password information 102) and transmits the generated information to the terminal 3.
The storage means used by the password information generation unit 135 to store the generated tag information is constituted by the authentication information database 120 (storage unit).
Upon receiving the new password information 102 from the server 110, the terminal 3 replaces the current password information 102 stored in the portable memory 11 (the one used for the current user authentication request) with the new password information 102. The newly assigned password information 102 is used the next time the user requests authentication.
As described, the terminal 3 comprises: medium information transmitting means for transmitting the card-specific information 101 and password information 102 to the server 110; tag information receiving means for receiving tag information (password information 102) from the server 110; and replacing means for replacing the current password information 102 stored in the portable memory 11 with the newly generated password information 102.
Figure 23 is a flowchart of the steps by which a user logs in to the service site 17a (Figure 21) from the terminal 3 of the automatic login system 100.
The steps described below are performed by the CPU of the terminal 3 and the CPU of the server 110 according to the relevant programs.
The user at the terminal 3 first accesses the server 110, for example by entering the URL of the service site 17a in a browser.
In turn, the terminal access unit 131 transmits to the terminal 3 an auxiliary program that gives the terminal 3 the automatic login capability (step 2405).
For example, the auxiliary program causes the terminal 3 to perform the following functions: when the user accesses the service site 17a from the terminal 3, reading the card-specific information 101 from the IC card 10 and the password information 102 and portable memory ID 103 from the portable memory 11; transmitting the card-specific information 101, password information 102 and portable memory ID 103 thus read to the server 110; and receiving the password information issued and sent by the server 110 so as to replace the current password information 102 stored in the portable memory 11 with the received password information.
If the auxiliary program is found to be already installed in the terminal 3, as on a second or subsequent access to the server 110, the server 110 does not transmit the auxiliary program in step 2405.
The terminal receives the auxiliary program and installs it. According to the installed program, the terminal 3 activates the reader/writer 7 to access the IC card 10 (step 2110).
The IC card 10 communicates with the reader/writer 7 in a contactless manner, thereby transmitting the card-specific information 101 to the terminal 3 (step 2205).
The terminal 3 acquires the card-specific information 101 through the reader/writer 7 and transmits the acquired information to the server 110 (step 2115).
In the server 110, the terminal access unit 131 receives the card-specific information 101 (step 2410).
The terminal 3 then activates the portable memory drive 8 to read the password information 102 and portable memory ID 103 from the portable memory 11 (step 2120).
The portable memory 11 provides the password information 102 and portable memory ID 103 stored in it to the terminal 3 through the portable memory drive 8 (step 2305).
The terminal transmits the password information 102 and portable memory ID 103 acquired from the portable memory 11 to the server 110 (step 2125).
In the server 110, the terminal access unit 131 receives the password information 102 and portable memory ID 103 (step 2415).
Alternatively, the terminal 3 may read the card-specific information 101, password information 102 and portable memory ID 103 and transmit the resulting information and ID to the server 110 together.
As another possibility, the terminal 3 may first transmit the password information 102 and portable memory ID 103 to the server 110, and then transmit the card-specific information 101 to the server 110.
The password information check unit 132 (Figures 22A and 22B) receives the password information 102 and portable memory ID 103 from the terminal access unit 131. Given these two items of information, the password information check unit 132 retrieves the corresponding combination of the received information from the authentication information database 120.
If the authentication information database 120 is found to have the same combination of password information 102 and portable memory ID 103 registered, the authentication information retrieval unit 133 checks whether the portable memory 11 used by the user is precisely the one registered in the authentication information database 120, and whether the password information 102 set in the registered portable memory 11 matches the password information 102 sent from the terminal 3 (step 2420).
This step confirms that the information sent by the terminal 3 is password information 102 originating from the registered portable memory 11.
The following steps may also check whether the IC card 10, and the combination of IC card 10 and portable memory 11, are precisely those registered.
For example, whether the IC card 10 is registered can be checked by retrieving the card-specific information 101 from the authentication information database 120. The presence of the information 101 in the database 120 proves the legitimate registration of the IC card 10. Alternatively, the transmitted card-specific information 101 can be tested against the card information of the relevant IC card 10 held in the authentication information database 120 to see whether it matches the stored card information.
As another possibility, if the IC card 10 is found not to be registered, use of the card 10 may be suspended for a predetermined time.
The authentication information retrieval unit 133 then receives the card-specific information 101 and password information 102 from the terminal access unit 131. Using the combination of the received information, the authentication information retrieval unit 133 retrieves the user ID 106 from the authentication information database 120 (step 2425).
Although the user ID 106 could be retrieved using the card-specific information 101 alone, retrieving it by the combination of card-specific information 101 and password information 102 makes it possible to confirm that the user is using the legitimately registered IC card 10 and portable memory 11.
The authentication information retrieval unit 133 then retrieves the password 105 from the authentication information database 120 using the password information 102 (step 2430).
The authentication unit 134 receives the resulting user ID 106 and password 105 from the authentication information retrieval unit 133 and performs the authentication process (step 2435).
If the user is successfully authenticated, the server 110 transmits post-login screen data (that is, data constituting the screen displayed by the browser on the terminal 3 after login) to the terminal 3 (step 2440).
When the terminal 3 receives the post-login screen data, the browser accordingly displays the post-login screen (step 2130).
If the user is not successfully authenticated, the server 110 transmits error message screen data to the terminal 3.
The password information generation unit 135 then generates new password information 102 and replaces the current password information 102 stored in the authentication information database 120 with the new information 102. In addition, the password information generation unit 135 transmits the newly generated password information 102 to the terminal 3 through the terminal access unit 131 (step 2445).
The terminal 3 receives the password information 102 from the server 110 and activates the portable memory drive 8 to write the received information 102 to the portable memory 11 (step 2135).
This replaces the current password information 102 stored in the portable memory 11 with the new password information 102 (step 2130).
If replacing the current password information 102 with the new information 102 fails, the terminal 2 can be arranged to detect the failure and notify the server 110 and its user.
Although the second embodiment above shows password information 102 that is regenerated for each authentication process and discarded once used, this does not limit the invention. Alternatively, the same password information 102 may be used in every authentication process. In that case, information processing steps such as the generation and renewal of the password information 102 become unnecessary.
The second embodiment above shows the password information 102 stored in the portable memory 11 so that the authentication process can be performed with the password 105 associated with that password information 102. Alternatively, the password 105 itself may be stored in the portable memory 11 so that it can be acquired from the memory when needed for user authentication.
As another possibility, step 2445 above and the subsequent steps may be made optional. In that case, the user or the service operator running the server 110 can selectively perform these steps.
If the password information 102 is found not to match during the above authentication process, it is preferable to physically remove the password information 102 from the authentication information database 120 and generate new password information 102 again.
How a user registers with service site 17a is described below with reference to Figure 24.
Figure 24 is a flowchart of the steps performed by the user at terminal 3 and by registration unit 13a of server 110 when the user registers with service site 17a in automatic log-in system 100.
The steps described below are carried out by the CPU of terminal 3 and the CPU of server 110 according to the relevant programs.
First, the user at terminal 3 accesses server 110 (step 2505).
When a home page or the like is sent from server 110, the user clicks a new-registration button on the displayed web page, which sends information notifying server 110 that the user wants to register anew.
In server 110, registration unit 13a sends registration screen data to terminal 3 (step 2805).
When terminal 3 receives the registration screen data, the browser displays a registration screen that includes input areas prepared for the user's entries. The user enters password 105, user ID 106 and personal information into the displayed registration screen and sends them to server 110 (step 2510).
If the user already has a user ID 106, that ID is entered on the registration screen. Where a user ID 106 still has to be obtained, the user can obtain one by completing registration, or server 110 can set user ID 106 automatically for the newly registered user.
Registration unit 13a updates authentication information database 120 with the information received from terminal 3 (that is, password 105, user ID 106 and the other information). This registers the newly entered user information (step 2810).
Terminal access unit 41 in registration unit 13a then sends an auxiliary program to terminal 3 (step 2815). When the user registers, the auxiliary program enables terminal 3 to read card-specific information 101 from IC card 10 and send the resulting information 101 to server 110, to read portable memory ID 103 from portable memory 11 and send the resulting ID 103 to server 110, and to write the password information 102 assigned by server 110 onto portable memory 11.
If the auxiliary program is already installed in terminal 3, or the browser has a built-in auxiliary program, this step is skipped.
Terminal 3 installs the auxiliary program received from server 110. Under control of the auxiliary program, terminal 3 drives reader/writer 7 and begins reading card-specific information 101 from IC card 10 (step 2515).
IC card 10, placed in reader/writer 7, sends card-specific information 101 to terminal 3 in a contactless manner (step 2605).
Terminal 3 in turn sends the card-specific information 101 read from IC card 10 to server 110 (step 2525).
In server 110, registration unit 13a receives the card-specific information 101 (step 2820).
Registration unit 13a stores the received card-specific information 101 in authentication information database 120 by associating this information 101 with the user ID 106 already stored in authentication information database 120 (step 2825).
Registration unit 13a requests terminal 3 to transmit portable memory ID 103 (step 2830).
Given this request, terminal 3 activates portable memory drive 8 to read portable memory ID 103 from portable memory 11 (step 2527).
Portable memory 11 sends portable memory ID 103 to terminal 3 (step 2705).
Terminal 3 in turn sends the portable memory ID 103 to server 110 (step 2528).
In server 110, registration unit 13a receives the portable memory ID 103. Registration unit 13a stores the received portable memory ID 103 in authentication information database 120 by associating this ID 103 with the card-specific information 101 stored in step 2825 (step 2840).
Registration unit 13a then generates password information 102 and stores the generated password information 102 in authentication information database 120 by associating this information 102 with the card-specific information 101 stored in step 2825 (step 2843).
After associating the password information 102 with the password 105 stored in step 2810, registration unit 13a sends the password information 102 to terminal 3 (step 2845).
Terminal 3 receives the password information 102 from server 110 (step 2530).
Terminal 3 then activates portable memory drive 8 to write the received password information 102 onto portable memory 11 (step 2535).
Portable memory 11 stores this password information 102 (step 2710).
Afterwards, registration unit 13a sends a registration completion notice to terminal 3 (step 2850).
On receiving the notice, terminal 3 has the browser display a registration completion notification (step 2540).
When the above steps are carried out, the card-specific information 101, password information 102, portable memory ID 103, password 105 and user ID 106 associated with each new user are related to one another as shown in Figure 22B. These steps also store password information 102 in the user's portable memory 11.
As described, registration unit 13a constitutes the authentication information registration device of the present invention, which registers authentication information according to first identification information (card-specific information 101) and label information (password information 102).
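The registration flow (steps 2810 to 2850) and the log-in flow with one-time password information (steps 2435 to 2445 and 2135) described above can be modelled end to end. The following Python is an added example and not code from the patent or from Sony: it assumes a single card-specific information value per record, uses a random 128-bit hex string as the password information 102, checks the portable memory ID 103 against the registered one (the claim 3 variant), regenerates the stored value on any mismatch as the description prefers, and adds a constructed `fail_next_write` hook so the failed-write case at step 2135 can be exercised. Names such as `Server`, `login` and the status strings are this example's own.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class PortableMemory:
    """Second medium (portable memory 11): its own ID plus the password
    information the server wrote to it. fail_next_write is a test hook
    (constructed here) that simulates a failed write at step 2135."""
    memory_id: str
    password_info: Optional[str] = None
    fail_next_write: bool = False

    def write(self, info: str) -> bool:
        if self.fail_next_write:
            self.fail_next_write = False
            return False
        self.password_info = info
        return True


@dataclass
class Record:
    """One row of authentication information database 120 (Figure 22B);
    Server.by_card keys each row by card-specific information 101."""
    user_id: str
    password: str
    memory_id: str
    password_info: str


class Server:
    """Model of server 110: registration unit 13a plus authentication unit 134."""

    def __init__(self) -> None:
        self.by_card: dict[str, Record] = {}

    @staticmethod
    def new_password_info() -> str:
        return secrets.token_hex(16)   # 128 random bits: not guessable

    def register(self, user_id: str, password: str, card_info: str,
                 memory: PortableMemory) -> bool:
        """Steps 2810-2850: relate user ID, password, card-specific information,
        portable memory ID and freshly generated password information, then
        issue the password information to the memory. Returns the write result."""
        rec = Record(user_id, password, memory.memory_id, self.new_password_info())
        self.by_card[card_info] = rec
        return memory.write(rec.password_info)

    def authenticate(self, card_info: str, memory_id: str,
                     password_info: str) -> Optional[tuple[str, str]]:
        """Steps 2435-2445: look up the record by card-specific information,
        check the memory ID and the one-time password information, then
        generate the replacement. Returns (user_id, new_password_info) or None."""
        rec = self.by_card.get(card_info)
        if rec is None:
            return None
        matched = (hmac.compare_digest(rec.memory_id, memory_id)
                   and hmac.compare_digest(rec.password_info, password_info))
        if not matched:
            # Mismatch: discard the stored value and generate a new one, so the
            # presented value is dead even if it was a copy of a valid one.
            rec.password_info = self.new_password_info()
            return None
        rec.password_info = self.new_password_info()   # one-time: used, so replaced
        return rec.user_id, rec.password_info


def login(server: Server, card_info: str, memory: PortableMemory) -> dict:
    """Terminal 3 side: present both media, then write the newly issued
    password information back to the portable memory (step 2135)."""
    if memory.password_info is None:
        return {"status": "denied", "user_id": None}
    result = server.authenticate(card_info, memory.memory_id, memory.password_info)
    if result is None:
        return {"status": "denied", "user_id": None}
    user_id, new_info = result
    if not memory.write(new_info):
        # Server and memory are now out of step: the server holds the new value,
        # the memory the old one. Report it rather than treat the log-in as clean.
        return {"status": "write_failed", "user_id": user_id}
    return {"status": "ok", "user_id": user_id}
```

Two consequences of the design are worth noticing when running it: a value that has been used once, or copied onto a memory with a different ID, is refused and also invalidates the legitimate memory's value, so the rightful holder needs the password information re-issued; and a failed write at step 2135 leaves the memory stale, which is why the description has the terminal detect the failure and notify server 110 and the user.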
Portable memory 11 can hold multiple pieces of password information 102. By using multiple pieces of password information, IC card 10 and portable memory 11 can be used in various ways.
For example, a single user may have multiple IC cards 10. In another embodiment, multiple users may share a single portable memory 11.
Some of these embodiments are described below.
Figures 25A, 25B and 25C are schematic diagrams showing how a single user typically uses one or more IC cards 10 and portable memories 11.
Figure 25A shows a case in which the user uses one IC card 10 and one portable memory 11. Portable memory 11 holds password information A, which is associated with card-specific information A in IC card 10.
In server 110, password information A is associated with user ID 1 and card-specific information A.
In this case, the user is allowed to log in to service site 17a by being authenticated with this IC card 10 and portable memory 11.
Figure 25B shows a case in which the user has one pair consisting of IC card 10a and portable memory 11a and another pair consisting of IC card 10b and portable memory 11b.
Portable memory 11a holds password information A, associated with card-specific information A in IC card 10a. Portable memory 11b holds password information B, associated with card-specific information B in IC card 10b.
In server 110, password information A is associated with user ID 1 and card-specific information A. Password information B is associated with user ID 1 and card-specific information B.
The user can be authenticated with the combination of IC card 10a and portable memory 11a, or with the combination of IC card 10b and portable memory 11b.
The user cannot be authenticated with the combination of IC card 10a and portable memory 11b, or with the combination of IC card 10b and portable memory 11a.
As described, if two IC cards 10 and two portable memories 11 are provided in pairs, each pair can be used for user authentication with a different service.
For example, the combination of IC card 10a and portable memory 11a can be registered for user authentication at a banking service site, and the combination of IC card 10b and portable memory 11b for user authentication at a mail-order site.
Figure 25C shows a case in which the user has two IC cards 10a and 10b and one portable memory 11.
Portable memory 11 contains two kinds of password information: password information A, associated with card-specific information A in IC card 10a, and password information B, associated with card-specific information B in IC card 10b.
In server 110, password information A is associated with user ID 1 and card-specific information A. Password information B is associated with user ID 1 and card-specific information B.
The user can be authenticated with the combination of IC card 10a and portable memory 11 or with the combination of IC card 10b and portable memory 11.
Where two IC cards 10 are used in this way, each card can be registered for user authentication with a different service.
For example, the combination of IC card 10a and portable memory 11 can be registered for user authentication at a banking service site, and the combination of IC card 10b and portable memory 11 for user authentication at a mail-order site.
In this case the user only needs to have one portable memory, which is easier to manage than two.
Figures 26A and 26B are schematic diagrams showing how two users typically use IC cards and portable memories.
This use of cards and memories applies, for example, to registering family members as users.
Figure 26A shows a case in which each of two users has a different combination of IC card and portable memory.
The user with user ID 1 has IC card 10a and portable memory 11a. Card-specific information A in IC card 10a is associated with password information A in portable memory 11a.
The user with user ID 2 has IC card 10b and portable memory 11b. Card-specific information B in IC card 10b is associated with password information B in portable memory 11b.
In server 110, password information A is associated with user ID 1 and card-specific information A. Password information B is associated with user ID 2 and card-specific information B.
Figure 26B shows two users sharing one portable memory.
The user with user ID 1 has IC card 10a, and the user with user ID 2 carries IC card 10b. The two users share portable memory 11, which contains two kinds of information: password information A, associated with card-specific information A in IC card 10a, and password information B, associated with card-specific information B in IC card 10b.
In server 110, password information A is associated with user ID 1 and card-specific information A. Password information B is associated with user ID 2 and card-specific information B.
A user who places IC card 10a and portable memory 11 in terminal 3 can be authenticated under user ID 1. A user who places IC card 10b and portable memory 11 in terminal 3 can be authenticated under user ID 2.
In a typical configuration where a portable memory is shared as described above, a father may have IC card 10a, a daughter may have IC card 10b, and the two may share portable memory 11. In this situation the father is assigned user ID 1 and the daughter is assigned user ID 2.
The father and daughter can then register with different services. For example, the father can use IC card 10a and portable memory 11 as a user of a banking service site, and the daughter can use IC card 10b and portable memory 11 as a user of a mail-order site.
On receiving a user authentication request from the user presenting IC card 10a and portable memory 11, server 110 identifies that user as the father by the associated user ID 1. Server 110 then lets the father log in to the corresponding site. Likewise, on receiving a user authentication request from the user presenting IC card 10b and portable memory 11, server 110 identifies the daughter and allows her to log in to the appropriate service site.
Where there are three or more users, the portable memory can be shared in the same way.
For example, each user can have a different IC card, and the portable memory can be arranged to hold multiple pieces of password information, each associated with the card-specific information held in the corresponding card.
In the first embodiment described earlier, multiple users can likewise share one portable memory.
In that case, each user's user tag is stored in portable memory 11. Each of these users has a separate IC card. The card-specific information in each IC card is associated with the server tag of the corresponding user in server 5. This arrangement lets each user request user authentication from server 5 using that user's own IC card together with the shared portable memory.
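The pairing rules of Figures 25B, 25C and 26B can be checked in code: a memory holding several pieces of password information, a terminal that picks the piece belonging to the card presented, and a server that resolves the pair to a user ID and registered service. The following Python is an added example, not code from the patent or from Sony. It assumes that each piece of password information in the memory is labelled with the card-specific information it was issued for (the description says each piece is associated with a card, but not how the terminal selects it), that the server also checks the portable memory ID as in claim 3, and that the values `CARD-A`, `PWINFO-A`, `MEM-11a` and the service names are constructed for the example; the `figure_25b`, `figure_25c` and `figure_26b` functions are this example's own.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Segment:
    """One piece of password information 102 held in a portable memory, labelled
    with the card-specific information 101 it was issued for. The label is an
    assumption of this model: it is how the terminal picks the segment for the
    card presented."""
    card_info: str
    password_info: str


@dataclass(frozen=True)
class PortableMemory:
    memory_id: str
    segments: tuple[Segment, ...]

    def segment_for(self, card_info: str) -> Optional[Segment]:
        return next((s for s in self.segments if s.card_info == card_info), None)


@dataclass(frozen=True)
class Binding:
    """Server-side association (Figure 22B): card-specific information maps to a
    user ID, the password information issued for it, the memory it was issued
    to, and the service the pair was registered for."""
    user_id: str
    password_info: str
    memory_id: str
    service: str


class Server:
    def __init__(self) -> None:
        self.by_card: dict[str, Binding] = {}

    def bind(self, card_info: str, user_id: str, password_info: str,
             memory_id: str, service: str) -> None:
        self.by_card[card_info] = Binding(user_id, password_info, memory_id, service)

    def resolve(self, card_info: str, memory_id: str,
                password_info: str) -> Optional[tuple[str, str]]:
        """Returns (user_id, service) only when card, memory and password
        information all agree with what was registered."""
        b = self.by_card.get(card_info)
        if b is None or b.memory_id != memory_id or b.password_info != password_info:
            return None
        return b.user_id, b.service


def request_login(server: Server, card_info: str, memory: PortableMemory):
    """Terminal 3: pick the segment for the presented card and ask the server."""
    seg = memory.segment_for(card_info)
    if seg is None:
        return None          # this memory holds nothing for this card
    return server.resolve(card_info, memory.memory_id, seg.password_info)


def figure_25b() -> dict:
    """One user, two separate card/memory pairs: only the registered pairs work."""
    srv = Server()
    srv.bind("CARD-A", "user1", "PWINFO-A", "MEM-11a", "bank")
    srv.bind("CARD-B", "user1", "PWINFO-B", "MEM-11b", "mail-order")
    mem_a = PortableMemory("MEM-11a", (Segment("CARD-A", "PWINFO-A"),))
    mem_b = PortableMemory("MEM-11b", (Segment("CARD-B", "PWINFO-B"),))
    return {"A+11a": request_login(srv, "CARD-A", mem_a),
            "B+11b": request_login(srv, "CARD-B", mem_b),
            "A+11b": request_login(srv, "CARD-A", mem_b),
            "B+11a": request_login(srv, "CARD-B", mem_a)}


def figure_25c() -> dict:
    """One user, two cards, one memory holding two segments."""
    srv = Server()
    srv.bind("CARD-A", "user1", "PWINFO-A", "MEM-11", "bank")
    srv.bind("CARD-B", "user1", "PWINFO-B", "MEM-11", "mail-order")
    mem = PortableMemory("MEM-11", (Segment("CARD-A", "PWINFO-A"),
                                    Segment("CARD-B", "PWINFO-B")))
    return {"A": request_login(srv, "CARD-A", mem),
            "B": request_login(srv, "CARD-B", mem)}


def figure_26b() -> dict:
    """Two users (father, daughter) sharing one memory: the card decides the user."""
    srv = Server()
    srv.bind("CARD-A", "user1", "PWINFO-A", "MEM-11", "bank")
    srv.bind("CARD-B", "user2", "PWINFO-B", "MEM-11", "mail-order")
    mem = PortableMemory("MEM-11", (Segment("CARD-A", "PWINFO-A"),
                                    Segment("CARD-B", "PWINFO-B")))
    return {"A": request_login(srv, "CARD-A", mem),
            "B": request_login(srv, "CARD-B", mem)}
```

Note that in Figure 25B the cross combinations fail twice over: memory 11b holds no segment for card A at all, and even if a segment were copied onto it, the server would still refuse it because the memory ID does not match the one registered for that card.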
In summary, the automatic log-in system described above as the second embodiment of the present invention provides the following effects:
(1) Since the information needed for user authentication is stored in IC card 10 and portable memory 11, the user must carry both media to request user authentication. If one of the media is illegally obtained by a third party, that third party cannot request user authentication with that medium alone. This provides a satisfactory security measure.
(2) The two media, IC card 10 and portable memory 11, are of two different kinds. This makes it difficult to copy the information from both media for abuse, and so prevents unauthorized access through illegal copying of information from these media.
(3) Where user authentication is performed using password information 102, password 105 is managed by server 110 itself, which makes a high level of security possible. Because the password information constitutes a one-time password that is discarded once it has been used in the authentication process, an additional security measure is provided.
(4) When multiple pieces of password information 102 are stored in a single portable memory 11, that portable memory 11 can be used flexibly. For example, portable memory 11 can be shared by multiple users for their authentication, or used to log in to multiple service sites.
(5) The user can request user authentication simply by placing IC card 10 and portable memory 11 in terminal 3. The user does not have to enter authentication information manually, which reduces the authentication-related chores the user has to attend to.
The second embodiment of the present invention may also be implemented according to the following schemes:
In implementing the second embodiment, an authentication method may be provided for use with a first medium (IC card 10) and a second medium (portable memory 11), the method comprising the steps of: transmitting first identification information (card-specific information 101) identifying the first medium; and transmitting second identification information (portable memory ID 103) identifying the second medium together with label information (password information 102) stored in the second medium and associated with the first identification information; whereby, if the label information is found to have been obtained from a legitimate medium, the authentication process is carried out according to the first identification information and the label information (first scheme).
In the first scheme, the first identification information may preferably be associated with the user's authentication information (at least one of password 105 and user ID 106) (second scheme).
The label information may be associated with the user's authentication information (third scheme).
In the third scheme, the label information may be generated according to the user's identification information (fourth scheme).
In the first scheme, the label information may be generated so that it is updated after each authentication process (fifth scheme).
In the first scheme, each of the first and second media may be an IC card or a portable memory.
An authentication method may also be provided for use with terminal 3, a first medium and a second medium, the method comprising the steps of: terminal 3 transmitting first identification information identifying the first medium; and terminal 3 transmitting second identification information identifying the second medium together with label information stored in the second medium and associated with the first identification information; whereby, if the label information is found to have been obtained from a legitimate medium, the authentication process is carried out according to the first identification information and the label information.
Although the second embodiment above has card-specific information 101 and password information 102 stored in IC card 10 and portable memory 11 respectively, this does not limit the invention. Alternatively, password information 102 may be stored in IC card 10, and portable memory ID 103 of portable memory 11 may be associated with user ID 106.
The second embodiment above uses two different kinds of media, IC card 10 and portable memory 11. Alternatively, two IC cards 10 or two portable memories 11 may be used to request user authentication. In that case, the user authentication request can be made with ID information held in one medium and password information 102 stored in the other.
Although the first and second embodiments above show users being authenticated, this does not mean that the object of authentication is limited to users. Alternatively, the identification number of a device may be authenticated. For example, consumer electronics (CE) devices that let their users obtain services over a network are now in widespread use. The user of each such device can carry out device authentication using the two media. In that case, the CE device may include reader/writer 7 and portable memory drive 8.

Claims (25)

1. An authentication system comprising a terminal and an authentication server, the terminal first acquiring first identification information from a first medium and label information from a second medium, the first identification information identifying the first medium, and the authentication server receiving the first identification information and the label information from the terminal so as to carry out an authentication process;
wherein, after acquiring the first identification information from the first medium and the label information from the second medium, the terminal transmits the acquired first identification information and label information to the authentication server; and
the authentication server further comprises search means for searching for first authentication information according to the received first identification information;
wherein, after obtaining the first authentication information and the label information, the authentication server carries out the authentication process using the first authentication information and the label information.
2. An authentication server connected to a terminal, the terminal acquiring first identification information from a first medium and label information from a second medium, the first identification information identifying the first medium, the authentication server receiving the first identification information and the label information from the terminal so as to carry out an authentication process, the authentication server comprising:
media information receiving means for receiving the first identification information and the label information from the terminal;
search means for searching for first authentication information according to the received first identification information; and
verification means for carrying out the authentication process using the retrieved first authentication information and the received label information.
3. The authentication server of claim 2, wherein the second medium stores second identification information identifying the second medium;
wherein the authentication server further comprises second identification information receiving means for receiving the second identification information acquired from the second medium by the terminal; and
wherein the verification means carries out the authentication process when the combination of the received second identification information and label information matches a previously stored combination of second identification information and label information.
4. The authentication server of claim 2, wherein the verification means carries out the authentication process when the received first identification information matches previously stored first identification information.
5. The authentication server of claim 2, wherein the verification means carries out the authentication process when the combination of the received first identification information and label information matches a previously stored combination of first identification information and label information.
6. The authentication server of claim 2, further comprising search means for searching for first authentication information according to the received first identification information and for retrieving second authentication information according to the received label information;
wherein the verification means carries out the authentication process using the first authentication information and the second authentication information retrieved by the search means.
7. The authentication server of claim 6, further comprising:
label information transmitting means for generating label information and transmitting the generated label information to the terminal; and
storage means for storing the generated label information and the second identification information in a storage unit in association with each other;
wherein the search means searches the stored label information.
8. The authentication server of claim 7, wherein the label information transmitting means generates new label information after the verification means has used the label information received from the terminal in the authentication process.
9. The authentication server of claim 2, wherein at least one of the first and second media is a portable memory constituted by an IC card or a semiconductor memory.
10. The authentication server of claim 2, further comprising authentication information storage means for receiving new first identification information and label information from the terminal and storing authentication information according to the received first identification information and label information;
wherein the verification means carries out the authentication process using the stored authentication information.
11. An authentication method for use by an authentication server connected to a terminal, the terminal acquiring first identification information from a first medium and label information from a second medium, the first identification information identifying the first medium, the method enabling the authentication server to receive the first identification information and the label information from the terminal so as to carry out an authentication process, the authentication server comprising media information receiving means, search means and verification means, the method comprising the steps of:
(a) causing the media information receiving means to receive the first identification information and the label information from the terminal;
(b) causing the search means to search for first authentication information according to the received first identification information; and
(c) causing the verification means to carry out the authentication process using the retrieved first authentication information and the received label information.
12. The authentication method of claim 11, wherein the second medium stores second identification information identifying the second medium; and
wherein the authentication server comprises second identification information receiving means;
the method further comprising the steps of:
(c) causing the second identification information receiving means to receive from the terminal the second identification information acquired from the second medium by the terminal; and
(d) performing step (b) so as to carry out the authentication process when the combination of the received second identification information and label information matches a previously stored combination of second identification information and label information.
13. The authentication method of claim 11, further comprising the step of performing step (b) so as to carry out the authentication process when the received first identification information matches previously stored first identification information.
14. The authentication method of claim 11, further comprising the step of performing step (b) so as to carry out the authentication process when the combination of the received first identification information and label information matches a previously stored combination of first identification information and label information.
15. The authentication method of claim 11, wherein the authentication server further comprises search means, the method further comprising the steps of:
(e) causing the search means to search for first authentication information using the received first identification information and for second authentication information using the received label information; and
(f) performing step (b) so as to carry out the authentication process using the first and second authentication information retrieved in step (e).
16. The authentication method of claim 15, wherein the authentication server further comprises label information transmitting means and storage means, the method further comprising the steps of:
(g) causing the label information transmitting means to generate label information and transmit the generated label information to the terminal;
(h) causing the storage means to store the generated label information and the second identification information in a storage unit in association with each other; and
(i) performing step (e) so as to search the stored label information.
17. The authentication method of claim 16, further comprising the step of causing the label information transmitting means to generate new label information after the verification means has used the label information received from the terminal in the authentication process.
18. The authentication method of claim 11, wherein at least one of the first and second media is a portable memory constituted by an IC card or a semiconductor memory.
19. The authentication method of claim 11, wherein the authentication server further comprises authentication information storage means, the method further comprising the steps of:
(j) causing the authentication information storage means to receive new first identification information and label information from the terminal and to store authentication information according to the received first identification information and label information; and
(k) performing step (b) so as to carry out the authentication process using the stored authentication information.
20. a terminal that is used for the authentication server execution proof procedure of request right requirement 2, described terminal comprises:
The media information deriving means is used for obtaining first identifying information and obtain label information from second medium from first medium, and described first identifying information is discerned described first medium; And
The media information conveyer, described first identifying information and the described label information that are used for being obtained send described authentication server to.
21. a terminal that is used for the authentication server execution proof procedure of request right requirement 3, described terminal comprises:
The media information deriving means, be used for obtaining first identifying information and from second medium, obtaining second identifying information and label information from first medium, described first identifying information is discerned described first medium, and described second identifying information is discerned described second medium; And
media information transmitting means for transmitting the obtained first identifying information, second identifying information and label information to the authentication server.
22. A terminal for requesting the authentication server of claim 7 to perform an authentication process, the terminal comprising:
media information obtaining means for obtaining first identifying information from a first medium and label information from a second medium, the first identifying information identifying the first medium;
media information transmitting means for transmitting the obtained first identifying information and label information to the authentication server;
label information receiving means for receiving label information from the authentication server; and
replacing means for replacing the label information stored in the second medium with the label information received by the label information receiving means.
23. An authentication request method for requesting the authentication server of claim 2 to perform an authentication process, the method being used by a computer that includes media information obtaining means and media information transmitting means, the method comprising the steps of:
causing the media information obtaining means to obtain first identifying information from a first medium and label information from a second medium, the first identifying information identifying the first medium; and
causing the media information transmitting means to transmit the obtained first identifying information and label information to the authentication server.
24. An authentication request method for requesting the authentication server of claim 3 to perform an authentication process, the method being used by a computer that includes media information obtaining means and media information transmitting means, the method comprising the steps of:
causing the media information obtaining means to obtain first identifying information from a first medium and second identifying information and label information from a second medium, the first identifying information identifying the first medium and the second identifying information identifying the second medium; and
causing the media information transmitting means to transmit the obtained first identifying information, second identifying information and label information to the authentication server.
25. An authentication request method for requesting the authentication server of claim 7 to perform an authentication process, the method being used by a computer that includes media information obtaining means, media information transmitting means, label information receiving means and replacing means, the method comprising the steps of:
causing the media information obtaining means to obtain first identifying information from a first medium and label information from a second medium, the first identifying information identifying the first medium;
causing the media information transmitting means to transmit the obtained first identifying information and label information to the authentication server;
causing the label information receiving means to receive label information from the authentication server; and
causing the replacing means to replace the label information stored in the second medium with the label information received by the label information receiving means.
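The exchange in claims 22 and 25 (terminal reads a card identifier from the first medium and a label from the second medium, submits both, and on success overwrites the label on the second medium with the replacement the server returns) is simulated below. This is an added example written for this page, not code from the patent or from Sony; the server-side storage layout (a per-card record holding the user ID and a hash of the current label), the use of a random token as the replacement label, and the claim that a stale copy of the second medium stops working after one legitimate login are all assumptions of the example, since the claims only state that a replacement label is sent back and written to the medium.

```python
"""Simulation of the two-medium login flow with server-issued label replacement."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class FirstMedium:
    """IC card: carries the first identifying information (assumed to be a fixed card ID)."""
    card_id: str


@dataclass
class SecondMedium:
    """Portable memory: carries the label information, which the terminal may overwrite."""
    label: str


def _label_hash(label: str) -> bytes:
    # The server keeps only a hash of the current label (example choice, not from the patent).
    return hashlib.sha256(label.encode()).digest()


class AuthServer:
    """Maps a card ID to a user and to the hash of the label currently valid for that card."""

    def __init__(self) -> None:
        self._by_card: dict[str, dict] = {}

    def enroll(self, card_id: str, user_id: str, initial_label: str) -> None:
        self._by_card[card_id] = {"user": user_id, "label_hash": _label_hash(initial_label)}

    def authenticate(self, card_id: str, label: str):
        """Return (ok, user_id, new_label); new_label is None when authentication fails."""
        rec = self._by_card.get(card_id)
        if rec is None:
            return False, None, None
        # Constant-time comparison of the presented label against the stored hash.
        if not hmac.compare_digest(rec["label_hash"], _label_hash(label)):
            return False, None, None
        # Successful login: issue a fresh label and invalidate the one just used.
        new_label = secrets.token_hex(16)
        rec["label_hash"] = _label_hash(new_label)
        return True, rec["user"], new_label


class Terminal:
    """Plays the roles of the obtaining, transmitting, receiving and replacing means."""

    def __init__(self, server: AuthServer) -> None:
        self.server = server

    def request_login(self, first: FirstMedium, second: SecondMedium):
        # Media information obtaining means: read both media.
        card_id, label = first.card_id, second.label
        # Transmitting means + label information receiving means (in-process call here).
        ok, user, new_label = self.server.authenticate(card_id, label)
        if ok:
            # Replacing means: overwrite the label stored in the second medium.
            second.label = new_label
        return ok, user


def demo():
    """Legitimate login rotates the label; a copy of the old label then fails."""
    server = AuthServer()
    server.enroll("CARD-0001", "alice", "initial-label")       # constructed sample data
    card = FirstMedium(card_id="CARD-0001")
    memory = SecondMedium(label="initial-label")
    cloned_memory = SecondMedium(label=memory.label)            # attacker's copy, taken before login
    terminal = Terminal(server)

    ok_first, user = terminal.request_login(card, memory)       # succeeds, memory.label replaced
    ok_clone, _ = terminal.request_login(card, cloned_memory)   # stale label: rejected
    ok_again, _ = terminal.request_login(card, memory)          # fresh label: succeeds
    ok_wrong_card, _ = terminal.request_login(FirstMedium("CARD-9999"), memory)
    return ok_first, user, ok_clone, ok_again, ok_wrong_card


if __name__ == "__main__":
    print(demo())
```

One consequence of the replacement step is worth keeping in mind when deploying something like this: if the cloned medium is used before the legitimate one, it is the legitimate user's label that becomes stale, so a sudden "label mismatch" on an otherwise valid card is a signal the server should log and investigate rather than treat as a simple typo.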
Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP78/2003 2003-01-06
JP2003000078 2003-01-06
JP400367/2003 2003-11-28

Publications (2)

Publication Number Publication Date
CN1692320A CN1692320A (en) 2005-11-02
CN100343774C true CN100343774C (en) 2007-10-17

Family

ID=35346980

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2003801003488A Expired - Fee Related CN100343774C (en) 2003-01-06 2003-12-22 Authentication system, authentication server, authentication method, authentication program, terminal, authentication request method, authentication request program, and storage medium

Country Status (1)

Country Link
CN (1) CN100343774C (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1862556B (en) * 2006-06-27 2011-12-28 北京飞天诚信科技有限公司 Method and apparatus for controlling computer log-in by contactless smart card
JP4483891B2 (en) * 2007-04-02 2010-06-16 フェリカネットワークス株式会社 Information processing terminal, data movement method, and program
JP5098487B2 (en) * 2007-07-26 2012-12-12 富士ゼロックス株式会社 Authentication information processing apparatus and program
JP4709254B2 (en) * 2008-07-03 2011-06-22 シャープ株式会社 Authentication system and terminal device
JP4812889B1 (en) * 2010-06-09 2011-11-09 三智商事株式会社 Wireless IC tag data processing and input device
CN102843359A (en) * 2012-08-06 2012-12-26 鸿富锦精密工业(深圳)有限公司 Automatic login system electronic device and automatic login method
CN105635118B (en) * 2015-12-22 2019-08-13 华立科技股份有限公司 A kind of user ID authentication method and system of metering device
CN111566629A (en) * 2018-01-18 2020-08-21 飞力凯网路股份有限公司 Information processing apparatus, information processing method, user terminal, service providing apparatus, and service providing method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11196084A (en) * 1997-10-31 1999-07-21 Matsushita Electric Ind Co Ltd Ciphering system
CN1357997A (en) * 2000-12-15 2002-07-10 华为技术有限公司 Virtual local area network access method in Ethernet access network
JP2002312317A (en) * 2001-04-11 2002-10-25 Casio Comput Co Ltd Certification system and certification method
JP2002351845A (en) * 2001-05-24 2002-12-06 Yutaka Hokura Electronic information protection system in communication terminal device

Also Published As

Publication number Publication date
CN1692320A (en) 2005-11-02

Similar Documents

Publication Publication Date Title
CN100339844C (en) Information management system
CN1482568A (en) System for preventing unauthorized use of recording media
CN1252581C (en) Secreting and/or discriminating documents remote-controlling printing
CN100347630C (en) Copy component, program and method thereof
CN1248143C (en) Memory card
CN1666213A (en) Information processing system
CN1842798A (en) Content reproduction device, content reproduction control method, and program
CN1749913A (en) Move component, program, and move method
CN1365474A (en) Authentication system
CN1842799A (en) Content processing device, content processing method, and computer program
CN1842801A (en) Communication system, content processing device, communication method, and computer program
CN1950780A (en) Authentication system and authentication apparatus
CN100347631C (en) Return component, program, and return component method
CN1749912A (en) License source component, license destination component, and method thereof
CN1842803A (en) Communication system, communication method, content processing device, and computer program
CN1842802A (en) Content reproducing device, content processing apparatus, content distribution server, content reproducing method, content processing method, and program
CN1703921A (en) Method and apparatus for an e-commerce message using SMS
CN1483177A (en) Computer-readable information storage medium where content data is stored and content charging system
CN1802637A (en) Password change system
CN1483278A (en) Contents directory service system
CN1914649A (en) Authentication system, authentication device, and recording medium
CN1653432A (en) Information communicating terminal, content managing method, broadcast receiving method, information distributing apparatus, system, method, program and storage medium
CN1476580A (en) Content usage authority management system and management method
CN1754173A (en) Software-management system, recording medium, and information-processing device
CN1842800A (en) Content processing device, content processing method, and computer program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code (country: HK; legal event code: DE; document number: 1083896)

C14 Grant of patent or utility model
GR01 Patent grant
REG Reference to a national code (country: HK; legal event code: GR; document number: 1083896)

C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20071017

Termination date: 20100122