JP2001268075A - User authentication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a user authentication system that can prevent unauthorized use. SOLUTION: When a mobile phone 20 receives provision of a service of a service provision unit 32, a telephone number and an IP address as an authentication key sent from the mobile phone 20 are transmitted to a user authentication unit 30 via the Internet 26 or a leased line 34. An IP address filtering unit 28 receiving the authentication key via the Internet 26 does not transmit the authentication key to the user authentication unit 30 if the authentication key includes an IP address given by a converter 24. The authentication key sent via the leased line 34, on the other hand, is transmitted to the user authentication unit 30, which authenticates the user. Even when an unauthorized user tries to unauthorizedly use the system in a way of a pretended mobile phone user by acquiring the authentication key transmitted through the Internet 26, the IP address filtering unit 28 does not transmit the authentication key to the user authentication unit 30.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to user authentication in a service system for providing services using a network such as the Internet, and more particularly to prevention of unauthorized use.

[0002]

2. Description of the Related Art FIG. 1 shows a conventional user authentication system using the Internet. The user terminal 2 is a mobile phone or a personal computer that can use the Internet. The user terminal 2 is connected to the conversion device 4 via the telephone network 14, and the conversion device 4 is connected to the Internet 6. The user authentication device 8 and the service providing device 10 are connected to the Internet 6, respectively. The user authentication device 8 and the service providing device 10 are connected via the LAN 16.

[0003] When the user terminal 2 uses the service of the service providing apparatus 10, it is necessary to perform user authentication as a precondition. For this reason, the user terminal 2 first converts the identifier for specifying the user terminal 2 into the conversion device 4.
Send to Upon receiving the request, the conversion device 4 transmits the user terminal 2 to uniquely identify the user terminal on the network.
Of the IP address and a protocol conversion from the telephone network to the Internet of the authentication key, which is the transmitted identifier with the IP address added. Then, the conversion device 4 transmits the authentication key to the user authentication device 8 via the Internet 6. The user authentication device 8 having received the authentication key performs user authentication, and after the authentication is completed, the service providing device 10 provides a service to the user terminal 2. That is, the user authentication device 8 rejects the authentication of the user if the authentication key sent from the user terminal 2 is not authentic, and permits the use of the service if the authentication key is authentic.

Here, there are various types of user terminals having different specifications such as mobile phones and personal computers that can use the Internet. Therefore, as a result of considering the case where the same information is accessed from such various user terminals, it is considered that the user authentication device preferably handles all accesses via the Internet.

[0005] On the other hand, when the user terminal is a personal computer, a password or ID is generally used as an authentication key. On the other hand, in the case of a mobile phone that can use the Internet, the telephone is used to simplify the operation of the user. A subscriber ID uniquely specified by a number may be used.

[0006]

However, the conventional user authentication system has the following problems.

[0007] Compared with a password or ID transmitted by a personal computer as an authentication key, a subscriber ID uniquely specified by a telephone number transmitted by an Internet-enabled mobile phone as an authentication key is a variable that is relatively easy to forge. As a result, there is a concern that a malicious user impersonates a legitimate mobile phone and performs unauthorized use.

That is, a malicious user who has obtained a subscriber ID flowing through the Internet 6 of FIG. 1 by an unauthorized use terminal 12 (such as a personal computer having an unauthorized program) operates the unauthorized use terminal 12. When the user is impersonated as a legitimate mobile phone and accesses the user authentication device 8 to receive a service, the legitimate user may suffer unexpected damage. In particular, when the service is charged, there is a problem that a user who has been illegally used must pay the charge even though the service is not provided.

[0009] It should be noted that such a problem is that unlike a mobile phone which can use the Internet, a personal computer or the like has a possibility that an unauthorized user can change a program of the personal computer. This is the background.

[0010] Such a situation is a cause of anxiety for users of mobile phones that can use the Internet, and it is expected that mobile phones will provide Internet-based services, which are expected to increase in the future. It is a concern as a factor that hinders the development of the system.

The present invention has been made in view of the above-described problems,
An object of the present invention is to provide a user authentication system capable of preventing unauthorized use.

[0012]

Means for Solving the Problems and Effects of the Invention (1)
A user authentication system according to the present invention includes a terminal device, an identification information adding device connected to the terminal device via a dedicated line,
An identification information selecting and transmitting device connected to the identification information adding device via a communication channel, and connected to the identification information adding device via a dedicated line and also to the identification information selecting and transmitting device via a dedicated line. Wherein the terminal device comprises user information transmitting means for transmitting user information to the identification information adding device, wherein the identification information adding device comprises: An identification information adding means for adding identification information to the user information transmitted from the terminal device, and the user identification information obtained by the identification information adding means being directed to the identification information selecting and transmitting apparatus via a communication path. Transmission means for transmitting user identification information via a communication path, and user identification information transmission means via a dedicated line for transmitting the user identification information also to a user authentication device via a dedicated line; The transmitting device does not transmit the user identification information including the identification information added by the identification information adding device to the user authentication device, but transmits the user identification information including the identification information other than the identification information to the user authentication device. User identification information selecting and transmitting means, and the user authentication device performs user authentication by receiving user identification information transmitted from the identification information adding device or the identification information selecting and transmitting device via a dedicated line. Authentication means.

Thus, even if a malicious user who has illegally acquired the user identification information flowing through the communication path attempts to be authenticated by impersonating a user of a legitimate terminal device, the user is not allowed to use the terminal. Authentication will not be performed.

The reason is that the user identification information transmitted by the malicious user is transmitted to the communication path via a route different from the identification information adding device according to the present invention.
It is not transmitted via leased lines. Furthermore, since the identification information included in the user identification information acquired illegally is the same as the identification information added by the identification information adding device in the present invention, the identification information selecting and transmitting device transmits the user identification information to the user. This is because it is not transmitted to the user authentication device.

[0015] The user identification information flowing through one of the dedicated lines is securely acquired and transmitted to the user authentication device without being acquired by a third party. Therefore, improper use by impersonation can be prevented.

Further, since the same information is not transmitted to the user authentication device from the communication path and the dedicated line, there is no system inconvenience such as collision of user identification information.

Further, even if the user identification information is easily forged, unauthorized use can be prevented. Therefore, the user identification information may be simple, but the operation of the user of the terminal device is simplified. And a highly reliable system can be constructed.

Further, since the conventional user authentication system only needs to be provided with a dedicated line and an identification information selecting and transmitting device, the configuration is simple and the unauthorized use can be prevented at low cost.

(2) The identification information adding device of the present invention further transmits the user identification information to the identification information selection transmitting device via a communication path or transmits the user identification information to the user authentication device via a dedicated line. Transmission selection means for selecting any one of the following.

Thus, when the user identification information is transmitted to the user authentication device via the dedicated line, the security of the user identification information is more reliably ensured. That is, if the user identification information flows on the communication path, there is a possibility that a third party may illegally obtain the information. There is no.

(3) The identification information selecting and transmitting device of the user authentication system according to the present invention includes a storage unit for storing the identification information added by the identification information adding device. By referring to the section, user identification information to be transmitted to the user authentication device and user identification information not to be transmitted are selected.

Therefore, when a user terminal having various specifications is newly added or is not used, the identification information selecting / transmitting device is required to set or update the user identification information which is not transmitted to the user authentication device. Can be handled only by setting or updating the storage contents of the identification information in the storage unit.

(4) The user authentication system of the present invention comprises:
When the identification information added by the identification information addition device is updated, the identification information addition device further transmits the updated identification information to the identification information selection transmission device via the dedicated line. Means, and the identification information selecting and transmitting apparatus further comprises: selective transmission identification information updating means for updating the storage unit based on the transmitted update identification information.

Therefore, not only when the user identification information that the identification information selection transmitting device does not transmit to the user authentication device is newly set, but also various items having different terminal device specifications are newly added or reduced. Even in this case, the storage contents of the storage unit can be updated easily and quickly.

Further, since the updated user identification information is transmitted to the identification information selecting and transmitting apparatus only via the dedicated line, the security of the information is ensured. That is, when the updated identification information flows on the communication path, there is a possibility that a third party who obtains the updated identification information changes the updated information or the like, so that the system may not function properly. There is, however, no such danger according to the invention.

(5) The identification information in the user authentication system of the present invention is characterized in that it is an IP address.

Here, the IP address is added to the user information by the identification information adding device, and is represented by a number or the like which can be easily managed and understood by the computer. The standard of the contents to be performed is unified, the data of the identification information can be easily updated, the storage capacity can be reduced, and the processing of the identification information selection transmitting means can be speeded up.

(6) Definition of Terms In the present invention, the term "terminal device" refers to a device which receives services and is connectable to a network such as the Internet. In the embodiment, the user terminals of the mobile phone 20 and the personal computer 21 in FIG.

The "communication path" is defined as 2
It refers to a device for communicating with the above devices, and is a concept including not only a device that is open like the Internet but also a device that is closed like a LAN. In the embodiment, this corresponds to the Internet 26 in FIG.

The “dedicated line” is defined as a wireless line or a wired line.
This is a concept for communicating with the above devices, but it is a concept that is limited to only closed lines and does not include an open one such as the Internet, and is a line between two points for performing information communication. Telephone network, LAN, etc. In the embodiment, the telephone networks 22 and 27, the dedicated line 34, the LAN
36 corresponds to this.

The “user information” is an identifier transmitted from the terminal device to specify the user of the terminal device.
Telephone numbers, IDs, passwords, digital certificates, etc.
In the embodiment, this corresponds to the telephone number in step S1 of FIG.

"Identification information" is information added to an identifier such as a telephone number transmitted from a terminal device.
An address for uniquely identifying a user terminal on a network. In the embodiment, the IP of step S3 in FIG.
Addresses correspond to this.

The "identification information adding device" corresponds to the conversion devices 23 and 24 in FIG. 2 in the embodiment.

[0034] The "user identification information" refers to an identifier transmitted from the terminal device for identifying the user of the terminal device, to which an address for uniquely identifying the user terminal on the network is assigned. Information. In the embodiment,
The authentication key in step S5 in FIG. 6 corresponds to this.

In the embodiment, the “identification information selection transmitting device” corresponds to the IP address filtering device 28 in FIG.

The "transmission via selection means" corresponds to the router 29 in FIG. 2 in the embodiment.

The “storage section storing the identification information added by the identification information adding device” corresponds to the IP address filtering table in FIG. 7 in the embodiment.

[0038]

DESCRIPTION OF THE PREFERRED EMBODIMENTS (1) Configuration of Embodiment of User Authentication System An embodiment of a user authentication system according to the present invention will be described with reference to the drawings. FIG. 2 shows a configuration of a user authentication system according to an embodiment of the present invention. The mobile phone 20 and the personal computer 21 are user terminals. The mobile phone 20 is connected to the conversion device 24 via the telephone network 22, and the personal computer 21 is connected to the telephone network 2.
7 is connected to the conversion device 23. Mobile phone 2
0 is available for the Internet, and the personal computer 21 is available for the Internet by dial-up connection or regular connection using a normal telephone. That is, the mobile phone 20 is connected via the converter 24, and the personal computer 21 is connected via the converter 23.
Each can be connected to the Internet 26. It should be noted that the conversion device 24 is provided with a router 29 for selecting either the dedicated line 34 or the Internet 26 via the Internet.
Address filtering device 28 and user authentication device 3
0, the service providing device 32 is installed in the management center 38, and each device is
Are connected to each other by a LAN 36 in the inside. Also, I
The P address filtering device 28 is also connected to the Internet 26, and the LAN 36 is connected to a dedicated line 34.

The converters 23 and 24 are generally operated by a telephone carrier. It is preferable that the management center 38 be operated by a highly public organization such as a telecommunications carrier or a certified company thereof.

(2) Hardware Configuration of Personal Computer 21 and the Like FIG. 3 shows a hardware configuration of the personal computer 21. The personal computer 21 includes a memory 40, a display 42, a communication circuit 44, a keyboard /
Mouse 46, CPU 48, hard disk (recording device) 5
0, a CD-ROM drive 52 is provided. The hard disk 50 stores an operating system (such as Windows 98 by Microsoft Corporation) and a browser program for browsing the web. This browser program is stored in a CD-ROM 54 via a CD-ROM drive 52.
Installed from. The communication circuit 44
This is a circuit for connecting to the Internet 26.

The conversion devices 23 and 24, the user authentication device 30, and the service providing device 32 have the same hardware configuration as that shown in FIG. However, the conversion device 23
And 24, an IP address and a protocol conversion program are recorded on the hard disk, the user authentication device 30 records the user authentication program on the hard disk, and the service providing device 32 provides the service on the hard disk. The service providing web server program is recorded.

(3) IP address filtering device 28
FIG. 4 shows a hardware configuration of the IP address filtering device 28. IP address filtering device 28
Has a display panel 90, a memory 92, a communication circuit 94, a switch 96, and a CPU 98. The communication circuit 94 is a circuit for connecting to the Internet 26.

(4) Configuration of Mobile Phone 20 FIG. 5 shows a block diagram of the mobile phone 20. As input / output devices, a liquid crystal display 62, a numeric keypad / switch 64, a microphone 66, a speaker (for telephone call) 68, and a speaker (for ringtone) 70 are provided. The audio encoding circuit 74 is a circuit for encoding the audio from the microphone 66 for transmission, decoding the received audio signal, and outputting the decoded audio signal from the speaker 68. The micro-browser 72 is a program recorded in the recording device, and is for browsing data from the service providing web. The wireless communication circuit 76 is a circuit for transmitting or receiving voice or data by wireless communication. The serial data communication circuit 78 is a circuit for performing communication with an external personal computer 84. The memory 80 stores the user's own telephone number, telephone directory, and the like. The control circuit 86 controls these circuits. The battery 82 supplies power to each unit.

(5) Process for Receiving User Authentication from Mobile Phone 20 FIG. 6 shows a process for receiving user authentication from the mobile phone 20 as a user terminal. This process is a prerequisite when the user terminal receives the provision of the service from the service providing device 32.

First, the user operates the mobile phone 20 to connect to the conversion device 24, and transmits a connection request to the user authentication device 30 and a telephone number as an identifier for user authentication (step S1). ). Upon receiving the request, the conversion device 24 permits connection (step S2), assigns an IP address to the telephone number (step S3), and distributes the IP address to the mobile phone 20 (step S4). Here, the conversion device 24 pools the IP addresses to be distributed to the mobile phone 20 in the hard disk in advance, and each time there is a connection request from the mobile phone 20, the pooled IP address is
We select empty ones from the addresses and distribute them.

The telephone number as an identifier is
The ID is converted into an ID (step S5), and the telephone network is converted into an Internet protocol (step S6). Here, the subscriber ID is an identifier uniquely assigned by the communication carrier in association with the telephone number of the user. Then, the subscriber ID and the IP address as the authentication key are transmitted to the user authentication device 30 via the dedicated line 34 and the LAN 36 (Step S7).

At this time, the conversion device 24 does not transmit the authentication key to the Internet 26. This is due to the router 29 provided in the conversion device 24. That is, if the destination IP address included in the connection request in step S1 is the address of the user authentication device 30 or the service providing device 32, the router 29 selects only the dedicated line 34 via the transmission of the authentication key. Is set.

Therefore, the authentication key transmitted from the mobile phone 20 is transmitted to the user authentication device 30 only via the dedicated line 34 (step S7) to perform user authentication (step S11).

(6) Prevention of Unauthorized Use by Impersonation Next, a description will be given of how the configuration of the present embodiment can prevent unauthorized use of a mobile phone user by impersonation.

Here, the improper use of the mobile phone by impersonating the user is performed when the user of the mobile phone 20 to be authenticated for user uses another Internet service other than the present system. This is performed by a malicious user operating the unauthorized use terminal 25 such as a personal computer acquiring an authentication key to be transmitted on the personal computer 26. That is, the malicious user operating the unauthorized terminal 25 acquires and decodes the subscriber ID and the IP address as the authentication key flowing on the Internet 26 by the unauthorized program in the unauthorized terminal 25. Then, by the unauthorized program such as a personal computer, the conversion device 2 pretends that the acquired subscriber ID and IP address are the sender.
3 by accessing the Internet 3 illegally as an IP address different from the IP address originally assigned by the conversion device 23.

However, even if an attempt is made to receive a service provided by such impersonation,
The authentication key is not transmitted to the user authentication device 30.

This is due to the configuration of the IP address filtering device 28 described below.

The IP address filtering device 28 receives the transmitted authentication key and performs filtering. This is performed by referring to an IP address filtering table as illustrated in FIG. 7 stored in the memory 92 of the IP address filtering device 28.

In the IP address filtering table of FIG. 7, a column of a source IP address when an action of Reject (prohibit) is performed is recorded. It is the same as the address. The action of this Reject (prohibit) is that if the authentication key is transmitted from the Internet 26 and the authentication key includes the same IP address as that recorded in the column, the authentication key is transmitted to the user authentication device 30. Is not transmitted. For example, in the IP address filtering table of FIG. 7, if the source IP address in the authentication key is 192.168.1.5, the authentication key is not transmitted to the user authentication device 30. on the other hand,
If the source IP address in the authentication key is 193.100.1.1, the authentication key is transmitted to the user authentication device 30.

Thus, even if an authentication key is transmitted by impersonating a user of a mobile phone by a personal computer or the like, the conversion device 23 which receives the authentication key transmits the authentication key to the user authentication via the Internet 26 only. While transmitting to the device 30, the authentication key is:
Because the IP address filtering table 28 includes the IP address originally assigned to the mobile phone 20 recorded in the IP address filtering table, the IP address filtering device 28 that has received the IP address does not transmit the authentication key to the user authentication device (step S9). ). That is, user authentication is not performed.

(7) Advantageous Effects of the Present Embodiment As described above, according to the present embodiment, improper use of a personal computer or the like by a user of a mobile phone can be prevented.

Further, since the same information is not transmitted to the user authentication device 30 from the Internet 26 and the dedicated line 34, no inconvenience on the system such as collision of IP packets occurs.

Further, even if the information transmitted for user authentication is relatively easy to forge, such as a subscriber ID or an IP address, unauthorized use is not performed. This eliminates the need to send a password and the like, simplifying the operation of the user, and constructing a highly reliable system.

Since the conventional user authentication system only needs to be provided with a dedicated line and an IP address filtering device, the configuration is simple, and unauthorized use can be prevented at low cost.

Further, when the dedicated line 34 is selected as the route via the router 29 provided in the conversion device 24, the security of the authentication key is more reliably ensured. That is, when the authentication key flows on the Internet 26, there is a possibility that a third party may illegally obtain the authentication key. There is no sex.

When the user is authenticated by selecting the dedicated line 34 as a route, the dedicated line 34 in the management center 38 is used as a route for transmitting information to the mobile phone 20 after the user authentication is completed. Usually used. In such a case, there is a possibility that a load is applied to the communication traffic of the dedicated line 34, but the following configuration can be adopted to distribute the load.

For example, under the control of the CPU or the like of the user authentication device 30 or the service providing device 32, a predetermined limit value is set for the information transmission amount or the like transmitted by them, and the information transmission amount or the like exceeds the limit value. In this case, the load of communication traffic on the dedicated line 34 can be distributed by selecting the Internet 26 via the information transmission. Although not shown in the present embodiment, by providing a plurality of routers for relaying between the LAN 36 in the management center 38, the dedicated line 34 and the Internet 26, the routers can exchange delay time and the like with each other, and By selecting which one of the dedicated line 34 and the Internet 26 is most suitable as a path for transmitting information to the telephone 20, the load of communication traffic on the dedicated line 34 can be dispersed. As a result, even when the number of users of the mobile phone 20 increases, the system can be operated quickly and stably.

The IP address filtering device 28
Has an IP address filtering table, so that when a mobile phone of various specifications is newly added or is not used, the IP address filtering device 28
When setting or updating an authentication key that is not transmitted to the user authentication device 30, can be handled only by updating the storage contents of the IP address filtering table.

Here, the IP address is pooled in advance in the conversion device 24 and is represented by a number or the like that can be easily managed and understood by the computer. Standards are unified, the storage contents of the IP address filtering table can be easily updated, the storage capacity can be reduced, and the filtering process of the IP address filtering device can be speeded up.

Although the IP address filtering table according to the present embodiment records the column of the IP address of the source of rejection (prohibition), the present invention is not limited to this. For example, Accept (send)
A column for instructing Action, a column for the destination IP address, and a column for the target service (TCP port number) may be recorded in this table. In this case, in the column of the destination IP address, the IP address or the like assigned to the service providing web in the user authentication device 30 or the service providing device 32, and in the column of the target service, http And the type of service such as mail.

In this embodiment, the conversion device 2
Although the case where the router 29 is provided in 4 has been described,
This system can be implemented even when a router is not provided. Because, in this case, the conversion device 24
The authentication key is sent not only via the dedicated line
6 via the Internet 26
As described above, the IP address filtering device 28 that receives the authentication key does not transmit the authentication key including the IP address given by the conversion device 24 to the user authentication device 30 as described above. This is because the same effect as described above can be obtained.

(8) Processing when User Authentication is Received from Personal Computer 21 In the configuration in which the personal computer 21 receives user authentication, as shown in FIG. It is connected to the Internet 26 only, and unlike the mobile phone 20, there is no transmission of the authentication key via the dedicated line 34.

In addition, IDs and passwords are often required as identifiers for user authentication. this is,
A personal computer is usually provided with a keyboard, so that a user can easily input an ID and a password, while performing user authentication more reliably.

In the process for receiving user authentication from the personal computer 21, the conversion device 23 receives the authentication key, as in the case where the user terminal is a mobile phone, and accepts the connection permission and the IP address corresponding to the authentication key. Assignment and distribution of an IP address to the personal computer 21 are performed. Then, the authentication key is protocol-converted and transmitted to the IP address filtering device 28 via the Internet 26. At this time, since the IP address is not the same as that included in the IP address filtering table, the user authentication device 30
Will be sent to That is, in the IP address filtering table in the IP address filtering device, the IP address pooled in the conversion device 24 is recorded, and the IP address pooled in one of the conversion devices 23 is recorded. Since the authentication key originating from a personal computer is not
This is because the address filtering device 28 is not subjected to the operation of not transmitting (prohibiting).

As described above, in the present embodiment, when the mobile phone 20 is a user terminal, the authentication key is transmitted via the dedicated line 34 to prevent unauthorized use by spoofing. When the personal computer 21 is a user terminal, the authentication key is not transmitted via the dedicated line 34. This is because, as described above, in the case of a mobile phone, the authentication key transmitted for user authentication is relatively easy to forge, such as a subscriber ID or an IP address. Therefore, the embodiment is not limited to this. For example, even in the case of other terminal devices that may be fraudulently used by impersonation due to circumstances such as the authentication key being used is easily forged,
By employing a configuration similar to the configuration in the case where user authentication is received from the mobile phone 20 in the present embodiment, unauthorized use can be prevented.

(9) IP address filtering device 28
FIG. 8 shows a process for updating the recorded content of the IP address filtering table of the IP address filtering device 28. If there is an update such as an increase or decrease in the IP address given by the conversion device 24 to the telephone number transmitted from the mobile phone 20, the pooled IP address of the conversion device 24 is updated ( Step S5
0). The updated IP address data is transmitted to the IP address filtering device 28 via the dedicated line 34 and the LAN 36 by the program on the hard disk of the conversion device 24 (step S51), and the updated IP address data is received. The IP address filtering device 28 updates the contents of the IP address filtering table (step S52).

Therefore, the authentication key that the IP address filtering device 28 does not transmit to the user authentication device 30 is
It is possible to simply and quickly update the storage contents of the IP address filtering table, not only when setting is newly made but also when various kinds of mobile phones having different specifications are added or reduced.

The data of the updated IP address is
Since the data is transmitted to the IP address filtering device 28 only through the dedicated line 34 and the LAN 36, the security of the data is ensured. That is, when the updated IP address flows on the Internet 26, the third party who obtains the updated IP address operates the unauthorized use terminal 25 to change the data, and the normal operation of the present system. However, according to this embodiment, there is no such danger.

[Brief description of the drawings]

FIG. 1 is a diagram showing a conventional user authentication system.

FIG. 2 is a diagram illustrating a user authentication system according to an embodiment of the present invention.

FIG. 3 is a diagram illustrating a hardware configuration of a personal computer as a user terminal.

FIG. 4 is a diagram illustrating a hardware configuration of an IP address filtering device.

FIG. 5 is a diagram showing a block diagram of a mobile phone as a user terminal.

FIG. 6 is a diagram showing a process when receiving user authentication.

FIG. 7 is a diagram illustrating the contents of an IP address filtering table.

FIG. 8 is a diagram showing processing when updating the recorded contents of an IP address filtering table of the IP address filtering device.

[Explanation of symbols]

 Reference Signs List 20 mobile phone 21 personal computer 23, 24 conversion device 28 IP address filtering device 30 user authentication device 32 service providing device 38 management center 29 ... Router 22 ... Telephone network 26 ... Internet 34 ... Dedicated line 36 ... LAN 25 ... Unauthorized terminal

Continuation of the front page (72) Inventor Tetsuro Osako 22 of Kyocera Communication System Co., Ltd. F-Term (reference) 5B085 AE04 AE23 BG07 5J104 AA07 AA47 KA01 KA02 NA05 PA02 PA07 5K067 AA33 BB04 BB21 DD24 EE02 EE10 EE16 GG01 GG11 HH21 HH22 HH24

Claims (8)

[Claims] 1. A terminal device, an identification information adding device connected to the terminal device via a dedicated line, an identification information selecting and transmitting device connected to the identification information adding device via a communication path, and an identification information adding device A user authentication device that is connected to the device via a dedicated line and is also connected to the identification information selection and transmission device via a dedicated line. User information transmitting means for transmitting user information to the identification information adding apparatus, wherein the identification information adding apparatus adds identification information to the user information transmitted from the terminal device; Means for transmitting user identification information via a communication path for transmitting the user identification information obtained by the identification information adding means to the identification information selection transmitting apparatus via a communication path; and transmitting the user identification information via a dedicated line. Means for transmitting user identification information via a dedicated line to be transmitted to the user authentication device, wherein the identification information selection transmission device transmits the user identification information including the identification information added by the identification information addition device to the user authentication device. A user identification information selection transmitting means for not transmitting the identification information but including identification information other than the identification information to the user authentication device, the user authentication device comprising: an identification information addition device or an identification information selection device; A user authentication system comprising: user authentication means for performing user authentication by receiving user identification information transmitted from a transmitting device via a dedicated line. 2. The identification information adding device according to claim 1, further comprising: transmitting the user identification information to the identification information selecting / transmitting device via a communication path, or transmitting the user identification information to the user authentication device via a dedicated line. Transmission via selection means for selecting either one of transmission by transmission. 3. An identification information selecting / transmitting device connected to an identification information adding device via a communication path and connected to a user authentication device via a dedicated line, wherein the identification information adding device is added. The user identification information including the identification information to be transmitted to the user authentication device, but transmitting the user identification information including the identification information other than the identification information to the user authentication device. An identification information selection transmitting device, comprising: 4. The identification information selecting and transmitting apparatus according to claim 1, further comprising: a storage unit for storing the identification information added by the identification information adding apparatus. By referring to the storage unit, user identification information to be transmitted to the user authentication device and user identification information not to be transmitted are selected. 5. The user authentication system according to claim 4, wherein when the identification information added by the identification information adding device is updated, the identification information adding device further transmits the updated identification information via a dedicated line. Update identification information transmitting means for transmitting the identification information selection transmission device to the identification information selection transmission device, wherein the identification information selection transmission device further updates the selected transmission identification information for updating the storage unit based on the transmitted update identification information. Means, a user authentication system comprising: 6. The user authentication system according to claim 1, wherein the identification information selection transmitting device and the user authentication device are configured as an integrated device. 7. The method according to claim 1, wherein the identification information is an IP address. 8. A user authentication method for authenticating a user of a terminal device by a user authentication device connected to the terminal device, wherein when the terminal device receives user authentication, the terminal device uses the user device. The identification information is added to the user information and sent to the user authentication device via a communication channel or a dedicated line, and the user information having the identification information sent via the communication channel is not sent to the user authentication device. A user authentication method in which user information sent via a dedicated line is sent to a user authentication device, and the user authentication device performs user authentication based on the user information sent via the dedicated line.