JP2005346592A - Certification method of mobile phone site - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a certification method of a mobile phone site which can improve security of mobile phone site without performing change of password. <P>SOLUTION: In this method, a user performs initial access in which ID for log-in and a password are input when accessing a URL of a mobile phone site, and access for certification in which a URL for certification transmitted by mail from the mobile phone site is accessed. When the mobile phone site receives initial access from a user, the mobile phone site performs processing which transmits the URL for certification to the mail address of the user's mobile phone while performing first certification to the user based on the ID and password. Then, when the mobile phone site receives access for certification from the user, mobile phone site performs the second certification to the user based on the URL for certification. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a method related to user authentication on a mobile site side when accessing a mobile site via a mobile browser of a mobile phone, that is, a mobile site authentication method.

  In recent years, mobile phones have become widespread at a remarkable rate. Mobile phones are now used not only as telephones but also as devices for using the Internet. Due to the widespread use of mobile phones, the Internet can be used by a wide range of ages, which could not be achieved with personal computers. For example, an i-mode (registered trademark) compatible mobile phone can receive various services such as e-mail, browsing of a mobile site, ticket reservation, and product ordering.

By the way, when using a service on the Internet, a user may be able to use the service only after being authenticated. This is one measure for eliminating unauthorized users. For example, the personal ID and password transmitted from the member's mobile phone are collated with the personal ID and password registered in advance on the mobile site side. Thus, there is known a method of authenticating a valid member only when they match (see, for example, Patent Document 1).
JP 2003-316981 A

  In the conventional authentication method (not limited to the disclosed technique disclosed in Patent Document 1), in order to increase the safety of the mobile site, it is conceivable that the user periodically accesses the management server and changes the password. However, when such a password is periodically changed, there are problems that it takes time and forgets the password. As a coping method, there is a method of recording and managing a password on paper or the like every time the password is changed, but it is troublesome and it is difficult to say that it is not always possible to ensure safety.

  Even if the password is changed periodically, if it is known to an unauthorized user, the unauthorized user can easily access the mobile site from the mobile phone of the unauthorized user and perform unauthorized use for a long time. .

  This invention is made in view of the situation mentioned above, and makes it a subject to provide the portable site authentication method which can improve the safety | security of a portable site, without changing a password.

  The mobile site authentication method of the present invention according to claim 1, which has been made to solve the above problem, is a method related to user authentication on the mobile site side when accessing the mobile site via a mobile browser of a mobile phone. The user side performs initial access for accessing the URL of the mobile site and inputting a login ID and password, and authentication access for accessing the authentication URL transmitted from the mobile site by e-mail. On the mobile site side, after performing server registration for registering the mobile mail address of the mobile phone of the user in advance on the server by the administrator, the ID and the password are received when there is the initial access from the user side. Based on the first authentication to the user and at least the authentication A process for registering the authentication URL incorporating a character string including an authentication key and an authentication key and transmitting it to the mobile mail address of the user, and then, if there is access for authentication from the user side, The second authentication for the user is performed based on the character string of the URL.

  The mobile site authentication method according to the present invention described in claim 2 is the mobile site authentication method according to claim 1, wherein the mobile site side generates information about the mobile browser when generating the authentication flag and the authentication key. And / or generating and registering information of the model of the mobile phone, and using the information in the second authentication.

  The mobile site authentication method of the present invention described in claim 3 is the mobile site authentication method according to claim 1, wherein the mobile site authenticates the authentication URL and the authentication key when generating the authentication flag and the authentication key. An authentication expiration date and a browsing expiration date are generated and registered, and the authentication expiration date and the browsing expiration date are confirmed during the second authentication.

  According to the present invention, the user simply makes two accesses. Then, between the two accesses, the mobile site performs authentication twice. The present invention is a method of performing authentication twice while reducing the burden on the user side. According to the present invention, since the mobile site cannot be accessed unless the authentication URL is received, even if an unauthorized user who knows the login ID and password accesses from another mobile phone, the mobile site is not authenticated.

  According to the present invention described in claim 1, there is an effect that the security of the mobile site can be enhanced without changing the password. Further, according to the present invention described in claims 2 and 3, there is an effect that safety can be further improved.

Hereinafter, description will be given with reference to the drawings.
FIG. 1 is a schematic diagram showing an embodiment of a system to which the mobile site authentication method of the present invention is applied. FIG. 2 is a diagram for explaining the mobile site authentication method of the present invention.

  1, a system to which the mobile site authentication method of the present invention is applied includes a communication network 3 including a digital mobile communication network 1 and the Internet 2, a mobile phone 4 capable of bidirectional communication in the communication network 3, and a communication network. 3 includes a Web / DNS server 6, an application server 7, a database server 8, a mail server 9, and a LAN 10 on the mobile site 5 side connected to a plurality of mobile phones 4.

  The digital mobile communication network 1 is connected to the Internet 2 by a gateway device (not shown) for communication protocol conversion. The digital mobile communication network 1 can perform IP packet communication based on TCP / IP in the Internet 2. Although the mobile phone 4 is not particularly limited, for example, the mobile phone 4 is of a model corresponding to i-mode (registered trademark) that is most popular in Japan and can access the mobile site 5. It has become.

  As described above, the mobile site 5 side includes the Web / DNS server 6, the application server 7, the database server 8, the mail server 9, and the LAN 10 that connects them. The Web / DNS server 6 distributes Web information and realizes mutual conversion between an IP address and a domain name. The application server 7 includes various programs such as an application program 11, a management program 12, and an authentication program 13. The application program 11 operates the parts related to the certificate authority 14 and the user information 15. Further, the management database 12 can be managed by the management program 12. Further, the generating module 17 is operated by the authentication program 13.

  The management database 16 is provided with a registration area 18 for registering a mobile mail address of the mobile phone 4 owned by a user (not shown). The generation module 17 includes an authentication expiration date generation unit 19 that generates an authentication expiration date, a browsing expiration date generation unit 20 that generates a browsing expiration date, an authentication flag generation unit 21 that generates an authentication flag, and an authentication key that generates an authentication key. A generation unit 22, a terminal / browser information generation unit 23 that generates terminal / browser information, and an authentication URL generation unit 24 that generates an authentication URL are provided.

  The database server 8 is configured to manage an authentication information database (DB) 25. In the authentication information database 25, an authentication expiration date registration area 26 for registering an authentication expiration date generated by the generation module 17, a browsing expiration date registration area 27 for registering a browsing expiration date, and an authentication flag are registered. Authentication flag registration area 28, authentication key registration area 29 for registering an authentication key, terminal / browser information registration area 30 for registering terminal / browser information 23, and authentication URL for registering an authentication URL A registration area 31 is provided.

  Next, a series of flows of the mobile site authentication method of the present invention based on the above configuration will be described with reference to FIG. 1 and FIG. Note that the left side of FIG. 2 shows the procedure related to the user who owns the mobile phone 4, and the right side of the figure shows the procedure related to each server of the mobile site 5. In addition, the horizontal chain line in the figure is a line for making it easy to understand which processing is among server registration, normal access (initial access), and browsing access (authentication access). .

  In the server registration process, the process of step S11 is executed here. In the process of step S11, a process of registering the model (model name) of the user's mobile phone 4 and the mobile mail address is executed. The registration is appropriately performed, and the model and mobile mail address are registered in the registration area 18 of the management database 16 by the administrator of the mobile site 5, for example. As a result, the user is thereafter given a login ID and password and can access the mobile site 5.

  In the normal access (initial access) process, steps S21 to S27 are sequentially executed here. In the process of step S21, the URL of the mobile site 5 is accessed. As a result of the access, a part for inputting the login ID and password as shown in the box of step S21 is displayed on the screen of the user's cellular phone 4. After entering the ID and password, for example, the “OK” button in the figure shifts to the next processing.

  In the process of step S22, the first authentication for the user who performed the access is performed. The first authentication is performed in the certificate authority 14 of the application server 7, and whether or not the ID and password transmitted from the mobile phone 4 in the process of step S 21 matches the ID and password registered in the user information 15. Judgment is made. As a result of the determination, if it matches the registered ID and password, the process proceeds to the next process (if they do not match, the process returns to step S21).

  In the process of step S23, a process for confirming whether or not the mobile mail address of the accessing user is registered in the registration area 18 of the management database 16 is performed. If the mobile mail address is registered as a result of the confirmation, the process proceeds to the next process (if it is not registered, the process returns to step S21).

  In the process of step S24, it is confirmed whether the authentication expiration date and the browsing expiration date of the authentication URL last issued to the user (this will be described later. The authentication URL will be sent by e-mail later) have expired. The process to do is performed. The confirmation is performed by referring to the authentication expiration date registration area 26 and the browsing expiration date registration area 27. If there is no problem with the expiration date, the process proceeds to the next process (if not, the process proceeds to step S21). Return).

  In the process of step S25, an authentication flag and an authentication key are generated and an authentication URL is generated. The authentication flag and the authentication key are generated by the authentication flag generation unit 21 and the authentication key generation unit 22, for example, a random character string becomes the authentication flag and the authentication key. The authentication URL is generated by the authentication URL generation unit 24, and a character string made up of an authentication flag and an authentication key is incorporated into an authentication URL (the character string is incorporated at the end of the URL of the mobile site 5). An authentication URL is generated, and it is preferable that the character strings to be incorporated are set so that they are not the same for the past year, for example). The generated authentication flag, authentication key, and authentication URL are registered in the authentication flag registration area 28, the authentication key registration area 29, and the authentication URL registration area 31 of the authentication information database 25. When the process of step S25 ends, the process proceeds to the next process.

  In the process of step S26, an authentication expiration date, a browsing expiration date, and terminal / browser information are generated and registered. The generation of the authentication expiration date, the browsing expiration date, and the terminal / browser information is performed by the authentication expiration date generation unit 19, the browsing expiration date generation unit 20, and the terminal / browser information generation unit 23. They are registered in the term registration area 26, the browsing validity term registration area 27, and the terminal / browser information registration area 30. When the process of step S26 ends, the process proceeds to the next process.

  In the processing in step S27, processing for transmitting an authentication URL to the accessing user is performed. The transmission is performed with the user's mobile mail address as the destination (the authentication URL is not mailed to the unauthorized user's mobile phone).

  In the browsing access (authentication access) process, steps S31 to S35 are executed in this order. In the process of step S31, access to the authentication URL transmitted from the mobile site 5 side by e-mail is performed. In other words, an authentication URL as shown in the box in step S31 is mailed to the screen of the user's mobile phone 4, and the user simply performs access to the authentication URL. When access is completed, the process proceeds to the next process.

  In the process of step S32, a process of confirming whether or not the authentication URL accessed by the user includes a part serving as an authentication flag and an authentication key is performed. As a result of the confirmation, if the authentication flag and authentication key are included, the process proceeds to the next process (if not included, the process is interrupted or the process returns to step S21). ). Note that the second authentication for the accessing user is started by the process of step S32.

  In the process of step S33, a process of confirming based on the terminal / browser information registered in the terminal / browser information registration area 30 is performed whether or not the access is from the mobile browser transmitted in the process of step S27. As a result of the confirmation, if the access is from a mobile browser that has sent an e-mail, the process proceeds to the next processing (if the access is not from a mobile browser that has sent an e-mail (for example, a mobile phone different from the user by stealing an authentication URL) 4), the process is interrupted or the process returns to step S21).

  In the process of step S34, a process of confirming whether the authentication expiration date and the browsing expiration date of the authentication URL accessed by the user have expired is performed. The confirmation is performed based on the authentication expiration date and the browsing expiration date registered in the authentication expiration date registration area 26 and the browsing expiration date registration area 27 of the authentication information database 25. If the result of the confirmation is that it has not expired, the user can view it and proceed to the next process (if the period has expired, the process is interrupted or the process returns to step S21).

  In the process of step S35, the browsing menu of the mobile site as shown in the box of step S35 is displayed. Thus, the user can start the desired browsing by operating the mobile phone 4 while viewing the screen.

  As described above, according to the present invention, the user only needs to use the same login ID and password at all times, thereby eliminating the problem of forgetting. Further, since the authentication is performed twice on the mobile site 5 side, the safety of the mobile site 5 is not lowered even if the same login ID and password are always used. Furthermore, the user only has to wait for a short period of time to receive an email of an authentication URL incorporating a character string including an authentication flag and an authentication key, and to access the authentication URL. It is not accompanied. Furthermore, since the mobile site 5 performs various confirmations such as whether or not the access is from a mobile browser, the reliability of authentication is increased. Furthermore, since the expiration date is set, extra access time from the outside is reduced, and the safety of the mobile site 5 is increased.

  It is possible to set the time that will not hinder the user by referring to the actual value of the user's time spent on the site by registering the expiration date as an arbitrary time by dividing the valid time after login and the valid time after login. Become.

  In addition, it goes without saying that the present invention can be variously modified without departing from the spirit of the present invention.

It is a schematic diagram showing one embodiment of a system to which the mobile site authentication method of the present invention is applied. It is a figure for demonstrating the portable site authentication method of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Digital mobile communication network 2 Internet 3 Communication network 4 Mobile phone 5 Mobile site 6 Web / DNS server 7 Application server 8 Database server 9 Mail server 10 LAN

Claims (3)

A method for authenticating a user on the mobile site side when accessing the mobile site via a mobile browser of a mobile phone,
On the user side, initial access for accessing the URL of the mobile site and entering a login ID and password, and access for authentication for accessing the authentication URL sent by e-mail from the mobile site,
On the mobile site side, after performing server registration for registering the mobile mail address of the mobile phone of the user to the server in advance by the administrator, if there is the initial access from the user side, the ID and the password Based on the first authentication for the user based on the above, performs a process of registering and transmitting the authentication URL incorporating a character string including at least an authentication flag and an authentication key to the mobile mail address of the user, A mobile site authentication method, wherein when there is access for authentication from a user side, the user is authenticated for the second time based on the character string of the URL for authentication. The mobile site authentication method according to claim 1,
On the mobile site side, when the authentication flag and the authentication key are generated, the mobile browser information and / or the mobile phone model information is generated and registered, and the second authentication is performed. The mobile site authentication method characterized by using each information at the time. The mobile site authentication method according to claim 1,
On the mobile site side, when generating the authentication flag and the authentication key, the authentication URL and the browsing expiration date of the authentication URL are generated and registered, and at the time of the second authentication. The mobile site authentication method, wherein the authentication expiration date and the browsing expiration date are confirmed.

Images