JP2010097467A - Risk-based authentication system and risk-based authentication method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a risk-based authentication system achieving a flexible authentication method by changing a determination level for executing additional authentication by changing an evaluation result of a risk level according to an attribute for each user or an attribute of a transaction. <P>SOLUTION: The risk-based authentication system for evaluating a risk level of an access by rule analysis or action analysis and changing an authentication level based on the evaluation result includes: a risk-based authentication section 210; an attribute determination section 220 for evaluating a risk level based on information related to an attribute of each user; a multilevel authentication server 200 having authentication means including the risk-based authentication section 210 and the attribute determination section 220; a pass determination section 121 for requesting respective authentication means of the multilevel authentication server 200 to evaluate the risk level and acquiring the evaluation results; and a pass/fail determination section 122 for evaluating a final risk level based on the acquired evaluation results of the risk level and changing the authentication level based on the evaluation results. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an authentication technique in an online system or the like, and more particularly to a technique effective when applied to an authentication system and an authentication method for performing risk-based authentication.

  In recent years, opportunities to execute various transactions such as financial transactions and product purchases online via networks such as the Internet have increased, and along with this, the number of identity theft such as IDs and passwords and online fraud has also increased. Yes. On the other hand, in each system, measures have been taken to strengthen security by strengthening user authentication at the time of login or transaction processing.

  However, if security is uniformly enhanced for all users and transactions, the security level may be insufficient for some users and transactions, or conversely, a sufficient security level for all users and transactions will be secured. Then, it becomes expensive, and it becomes difficult to use for ordinary users, resulting in an imbalance between the security level and usability.

  Therefore, risk-based authentication is currently attracting attention as a technique for enhancing security by enhancing authentication strength without impairing usability. Risk-based authentication analyzes user behavior and access environment from historical information such as access logs and context information, evaluates the risk level for users and transactions, and dynamically changes the authentication level according to the risk level. This is a technique for improving the accuracy of user authentication while maintaining usability.

  For example, if a user is accessing his / her bank account from an office in Tokyo, and the same user accesses this bank account from Osaka, the risk level is high because it differs from the normal behavior pattern. Judgment requesting additional authentication, or if accessing from Russia 5 minutes after accessing from Tokyo, rejecting the transaction as a possible crime and high possibility of crime It is possible to do. In addition, for example, when a user who normally uses Windows (registered trademark) accesses with Macintosh (registered trademark), it is possible to request additional authentication.

  Additional authentication is identity verification performed to confirm that the transaction is not a fraud. For example, identity verification by telephone from the operator, information known only by the identity (birth date, answer to secret questions, etc.) There are various things such as requirements.

  In the risk-based authentication system, whether or not to require additional authentication is determined by performing rule analysis (comparison with fraud or other suspected access patterns), behavior analysis (comparison with past behavior patterns of users), etc. After that, the policy is applied (the result of rule analysis and behavior analysis is digitized). In a normal risk-based authentication system, the risk (suspiciousness) of a transaction is evaluated based on, for example, four levels or numerical values from 1 to 1000.

The above-described risk-based authentication technique is described in, for example, JP-T-2007-514333 (Patent Document 1).
Special table 2007-514333 gazette

  However, in the risk-based authentication system based on the conventional technology, the policy applied when quantifying the results of rule analysis and behavior analysis is common to the risk-based authentication system and the online system on which it is installed, and lacks flexibility. There is a part. In other words, depending on the attributes for each user (for example, account balance), the transaction attributes (for example, whether the transaction involves a transfer of funds, etc.), and the user's wish (“in certain conditions, increase the authentication strength. The evaluation result of the risk level cannot be changed by “desiring” etc.), and the judgment level for executing the additional authentication cannot be changed.

  For example, a user with a large account balance may think that a higher authentication strength is required than a user with a small account balance, and there may be users who require a uniform high authentication strength regardless of the account balance. Conceivable. In addition, there is no need for additional authentication in the balance inquiry, but in the case of funds transfer, there may be cases where it is desired to increase the authentication strength even with a small amount.

  Therefore, an object of the present invention is to provide flexibility by changing the judgment level for executing additional authentication by changing the evaluation result of the risk level according to the attribute for each user, the attribute of the transaction, the instruction from the user, and the like. The object is to provide a risk-based authentication system for realizing the authentication method. The above and other objects and novel features of the present invention will be apparent from the description of this specification and the accompanying drawings.

  Of the inventions disclosed in this application, the outline of typical ones will be briefly described as follows.

  A risk-based authentication system according to a representative embodiment of the present invention is based on a risk-based authentication unit that evaluates a risk level of access from a user by performing rule analysis and behavior analysis, and information on the attribute for each user. A multi-stage authentication unit having a plurality of authentication means for evaluating the risk level for the access, including an attribute determination unit for evaluating the risk level for the access; and the risk-based authentication unit and the attribute determination unit; For each of the authentication means of the multi-stage authentication unit, request a request for evaluation of the risk level and obtain the evaluation result, and the evaluation result of each risk level acquired by the path determination unit And assessing the final risk level for the access based on the evaluation result. It is characterized in that it has a adequacy determining unit for changing the authentication level to.

  Among the inventions disclosed in the present application, effects obtained by typical ones will be briefly described as follows.

  According to the exemplary embodiment of the present invention, in the risk-based authentication system, additional authentication is performed by changing the evaluation result of the risk level according to the attribute for each user, the attribute of the transaction, an instruction from the user, and the like. By changing the judgment level, a flexible authentication method can be realized.

  In addition, according to a typical embodiment of the present invention, a user can register an environment that he / she uses in advance, an application that can be used according to the environment and its attributes, and the like from a plurality of environments. It is possible to enhance the user's convenience and to strengthen authentication for access from an environment that the user does not use.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. Note that components having the same function are denoted by the same reference symbols throughout the drawings for describing the embodiment, and the repetitive description thereof will be omitted. In the following, in order to make the features of the present invention easier to understand, the description will be made in comparison with the prior art.

<Overview>
FIG. 11 is a diagram showing an outline of a configuration example of an online system having a risk-based authentication system according to a conventional technique. The online system includes a Web AP (Web application) server 100, an APL (application) server 300, a DB (database) server 400, a risk-based authentication server 800, a network 500, and a client terminal 600.

  The client terminal 600 is a terminal device having a Web browser such as a PC or a mobile terminal, and is connected to the Web AP server 100 via a network 500 such as the Internet.

  The Web AP server 100 is a Web server having an authentication unit 110, a PL (Presentation Logic) base unit 130, and a screen control unit 140 as main functions. The Web AP server 100 performs authentication using a user ID and password, authentication using OTP (One Time Password), cookie authentication, and the like for the login and transaction access from the client terminal 600, and the PL infrastructure. The business process is performed by the APL server 300 and the DB server 400 under the control of the unit 130, the display control unit 140 generates a display screen based on the result, and responds to the client terminal 600 to execute the transaction process. .

  In the risk-based authentication system, in addition to authentication by the authentication unit 110, the risk-based authentication server 800 determines whether or not additional authentication is necessary in order to enhance the security by increasing the authentication strength at the time of login or transaction processing as necessary. Make a decision. The risk-based authentication server 800 generally has a function of judging the risk level by comparing the IP address of the access source and the black list, a function of judging the risk level by rule analysis / behavior analysis, and the like. These are shown as an IP address determination unit 810 and a rule / behavior analysis unit 820, respectively.

  Here, the blacklist of IP addresses is a list of IP addresses with a high degree of danger, such as being used for crimes such as fraud, and generating security threats such as the spread of computer viruses. Some are provided by computer and network security service vendors. The black list is stored in the risk DB 831. The rule / behavior analysis unit 820 performs rule analysis and behavior analysis based on history information such as an access log for each user stored in an RBA (Risk-Based Authentication) DB 832.

  The risk-based authentication server 800 applies a policy to the determination results obtained by the IP address determination unit 810 and the rule / behavior analysis unit 820, and evaluates the risk level of the transaction. When the risk level is higher than a predetermined threshold, the user is requested to perform additional authentication such as identity verification by telephone from the operator.

  In FIG. 11, each part of each server is generally implemented by software. Further, in the example of FIG. 11, each server including the risk-based authentication server 800 is illustrated as an independent device, but all or a part thereof may be mounted on the same device. The function of the risk-based authentication server 800 may be provided from a service vendor or the like via a network.

  In the risk-based authentication system according to the prior art, as described above, the policy applied when quantifying the results of rule analysis and behavior analysis is common to the risk-based authentication system and the online system equipped with the policy, and is flexible. There are missing parts. In other words, the risk level evaluation result cannot be changed depending on the attribute for each user (for example, account balance) or the attribute of the transaction (for example, whether the transaction involves funds transfer). The judgment level to be executed cannot be changed.

  Therefore, the risk-based authentication system according to the present embodiment has a function of changing the evaluation result of the risk level according to the attribute for each user, the attribute of the transaction, the instruction from the user, and the like, thereby executing additional authentication. It is possible to change the judgment level and realize a flexible authentication method. In addition, users have the ability to register the environment they use in advance, the transactions that can be used according to the environment and their attributes, etc., thereby improving the convenience of users who use from multiple environments and using them by themselves Strengthen authentication for access from environments that do not.

<Embodiment>
Hereinafter, the risk-based authentication system of the present embodiment will be described.

[System configuration]
FIG. 1 is a diagram showing an outline of a configuration example of an online system having a risk-based authentication system according to the present embodiment. In the risk-based authentication system shown in FIG. 1, a multi-stage authentication connection unit 120 is added to the Web AP server 100 in addition to the one shown in FIG. 11. Further, instead of the risk-based authentication server 800, a multi-stage authentication server 200 that is a multi-stage authentication unit is provided.

  The multi-stage authentication server 200 has a function similar to the function of the risk-based authentication server 800 in FIG. That is, the IP address determination unit 810 and the rule / behavior analysis unit 820 in FIG. 11 and the IP address determination unit 211 and the rule / behavior analysis unit 212 in FIG. 1 have similar functions.

  The multi-stage authentication server 200 further includes authentication units of an attribute determination unit 220 and an application determination unit 230 in order to make it possible to change the evaluation result of the risk level according to the attribute for each user, the transaction attribute, and the like. . The multistage authentication connection unit 120 of the Web AP server 100 includes a path determination unit 121 and a pass / fail determination unit 122 in order to control the authentication contents in the multistage authentication server 200, evaluate the risk level, and determine whether additional authentication is necessary. .

  Since the path determination unit 121 of the multistage authentication connection unit 120 performs risk-based authentication in addition to the authentication by the authentication unit 110 of the Web AP server 100, the path determination DB 151 refers to the authentication path in the multistage authentication server 200, That is, it is determined which of the authentication means of the multi-stage authentication server 200 is to be executed, and a risk level evaluation is requested to each of the authentication means to be executed. This path can be set for each user and is stored in the path determination DB 151.

  The attribute determination unit 220 of the multi-stage authentication server 200 evaluates the risk level according to the attribute for each user (for example, account balance) and the content of the user's pre-registration, quantifies the result, and responds to the path determination unit 121. In addition, the application determination unit 230 evaluates the risk level according to the application name of the transaction target, parameters used in the application (for example, whether the transaction involves a transfer of funds, the transfer amount, etc.). The result is digitized and responded to the path determination unit 121. The conditions for evaluating the risk level by the attribute determination unit 220 and the application determination unit 230 can be set for each user, and are stored in the attribute determination DB 250 and the APL determination DB 260, respectively.

  The multi-stage authentication server 200 according to the present embodiment has four authentication means, that is, an IP address determination unit 211, a rule / behavior analysis unit 212, an attribute determination unit 220, and an application determination unit 230. It is not necessary, and it may not have this part, and may have an additional authentication means.

  The pass / fail determination unit 122 of the multi-stage authentication connection unit 120 calculates the risk based on the score of the risk level evaluation result obtained by the path determination unit 121 and the ratio at the time of combination set for each authentication unit. Calculate the total score for the level. It is determined whether the total score is equal to or higher than a predetermined passing score, and if it is equal to or higher than the passing score, the PL base unit 130 and the screen control unit 140 perform normal screen transition as a pass. If it is less than the passing score, it is rejected and additional authentication or access denial is executed. It should be noted that the summing ratio and passing score set for each authentication means can be set for each user and stored in the pass / fail judgment DB 152.

  As described above, in the risk-based authentication system of the present embodiment, first, which authentication means is executed (or the evaluation result of which authentication means) by the path determination DB 151 at the time of the path determination of the entrance for performing risk-based authentication. Can be used for the assessment of the overall risk level) for each user. In addition, for risk-based authentication, in addition to the conventional risk-based authentication means by the risk-based authentication section 210, the attribute determination section 220 for evaluating the risk level based on user attributes and transaction attributes, and the authentication means for the application determination section 230 are used. Furthermore, the conditions for evaluating the risk level can be customized for each user by the attribute determination DB 250 and the APL determination DB 260. Furthermore, even at the time of pass / fail judgment at the exit of risk-based authentication, the pass / fail judgment DB 152 can customize the risk level total score calculation method and pass score for each user.

[Data structure]
Below, the data structure of each DB shown in FIG. 1 is demonstrated. In the present embodiment, a table structure is used, but a tree structure as in XML (eXtensible Markup Language) may be used. The actual storage means can also be various means such as various database systems and files.

  FIG. 2 is a diagram illustrating a data configuration of the path determination DB 151 and an example of specific data. The path determination DB 151 includes, for example, user ID, pass authentication, and authentication point fields. For each user ID, the pass of the authentication means that is passed in the risk-based authentication, that is, any of the authentication means in the multistage authentication server 200 is selected. This is a table for setting whether to execute. The type of authentication means to be passed is stored in the pass authentication field. In addition, each authentication means is actually executed, and a numerical value obtained as a result of evaluating the risk level in each authentication means is stored in the corresponding authentication score field.

  In the example of FIG. 2, for example, the user with the user ID “A10001” is set to perform only the risk level evaluation by the IP address determination unit 211 and the attribute determination unit 220 of the multi-stage authentication server 200 in the risk-based authentication. In other words, the evaluation score of each authentication result was 100 points and 30 points, respectively. In the initial state, no value is stored in the authentication score field. In the example of FIG. 2, the data in the pass authentication field is expressed in terms of “IP address determination” or the like for convenience of explanation. However, even when an ID assigned to each authentication unit is set in the implementation, Good.

  FIG. 3 is a diagram illustrating a data configuration of the pass / fail determination DB 152 and an example of specific data. The pass / fail judgment DB 152 includes, for example, fields of user ID, authentication, ratio at the time of summation, and passing score. For each user ID, the sum of risk levels is calculated based on the risk level evaluation result by each authentication means. It is a table which sets the rule at the time of performing determination. For each user ID and for every authentication means in the multi-stage authentication server 200, when the total score is calculated by adding the numerical values of the risk level evaluation results in each authentication means, the ratio multiplied by the evaluation value of each authentication means is added up Stored in the time ratio field. Further, a reference point to be compared with the calculated total score, that is, a point to be a reference for changing the authentication level with respect to the access of the target is stored in the passing score field.

  In the example of FIG. 3, for example, when the user with the user ID “A10001” calculates the total score of risk level evaluation values, the IP address determination unit 211, the rule / behavior analysis unit 212, the attribute of the multistage authentication server 200 This indicates that the values obtained by multiplying the numerical values of the risk level evaluation results by the determination unit 220 and the application determination unit 230 are respectively multiplied by 2, 1, 3, and 1, respectively. Moreover, if the total score obtained by totaling is 200 points or more, it is set to be acceptable, and if it is less than 200 points, it is set to be rejected.

  FIG. 4 is a diagram showing a data configuration of the risk DB 241 and an example of specific data. The risk DB 241 is a table that includes fields such as an IP address and a country, and holds information on a black list of the IP address. The risk DB 241 is also used in the prior art risk-based authentication system, and may have various items of data, and is particularly configured in the risk-based authentication system of the present embodiment. It is not necessary to prescribe.

  FIG. 5 is a diagram showing a data configuration of the RBA DB 242 and an example of specific data. The RBA DB 242 includes, for example, fields such as a user ID, an IP address, a User Agent (information included in a transaction request message and identifying a usage environment such as a Web browser), an access time, and the like. It is a table that holds the history information about the access time and environment from. The RBA DB 242 is also used in the risk-based authentication system of the prior art, and may have various items of data, and is particularly configured in the risk-based authentication system of the present embodiment. It is not necessary to prescribe.

  FIG. 6 is a diagram illustrating a data configuration of the attribute determination DB 250 and specific data examples. The attribute determination DB 250 includes, for example, fields such as a user ID, an authentication enhancement application, an overseas use application, a country of use, an available APL (application), an account balance authentication enhancement application, a reference account balance, and the like. This is a table in which risk level evaluation conditions and authentication strengthening designations are set for each value (parameters such as the user's own) and parameter attributes (parameters such as account balance).

  In the authentication enhancement application field, there is a flag for designating whether or not a stricter evaluation is performed on the risk level evaluation result by the attribute determination for each user in the attribute determination unit 220 by pre-registration by an application from the user. Is set. When this flag is “Y”, for example, the user attribute and / or parameter attribute evaluation results, or both of the numerical values of the evaluation results are uniformly subtracted from XX or XX%. It is possible to increase the authentication strength by reducing the numerical value of the evaluation result by squeezing to stricter the evaluation result of the risk level.

  In the field for overseas use application, a flag is set for designating whether or not there is a possibility of using the application overseas by pre-registration by application from the user. When this flag is “Y”, the target country and the type of application that can be used in that country are further set in the fields of the use country and available APL. As a result, for example, in a country where business trips are often made, only a part of services can be used, and access from other countries can be denied.

  In the field of the account balance authentication strengthening application, a flag is set for designating whether or not the risk level is to be evaluated according to the account balance by pre-registration based on the application from the user. When this flag is “Y”, for example, the account balance stored in the customer DB 410 in FIG. 1 is referred to, and the risk level is evaluated according to the account balance. At this time, if the account balance is larger than the value set in the field of the reference account balance, for example, XX points are subtracted from the numerical value of the evaluation result, or × depending on the difference from the value of the reference account balance It is possible to increase the authentication strength by lowering the numerical value of the evaluation result by setting it to ×% and tightening the evaluation result of the risk level.

  In the example of FIG. 6, for example, the user with the user ID “A10001” has applied for an authentication strengthening evaluation that evaluates the evaluation result by the attribute determination unit 220 more strictly, and if the account balance is 10 million yen or more It shows that the application for strengthening the certification to make the evaluation result stricter. In addition to the application for strengthening authentication, the user with the user ID “A20001” has also applied for an overseas usage environment, and is able to use stock trading and deposit / withdrawal applications in the United States and stock trading applications in the United Kingdom. In addition, when the account balance is 5 million yen or more, it indicates that an application for strengthening authentication is made to tighten the evaluation result. In the example of FIG. 6, the data of the field of available APL is expressed in terms such as “stock trading” for convenience of explanation, but an ID assigned to each application may be set at the time of implementation. .

  FIG. 7 is a diagram illustrating a data configuration of the APL determination DB 260 and an example of specific data. The APL determination DB 260 includes, for example, user ID, application, and parameter condition fields, and is a table in which risk level evaluation conditions are set for each user ID using parameters for each application to be used.

  In the application field, the name of the application for which the risk level is to be strictly evaluated is set. The parameter condition is set to a parameter condition that makes risk level evaluation stricter when the corresponding application is used. In the example of FIG. 7, for example, the user ID “A10001” subtracts xx points from the numerical value of the evaluation result when the trading value is 1 million yen or more when performing a stock trading application. By compressing to ×%, the numerical value of the evaluation result can be lowered, the risk level can be strictly evaluated, and the authentication strength can be increased. In the example of FIG. 7, the data in the parameter condition field is expressed in terms of “purchase price of 1 million yen or more” for convenience of explanation. However, the ID assigned to each parameter or the ID is used in the implementation. A conditional expression template or the like may be set.

  The customer DB 410 is a DB in which customer information generally used in business processing in the APL server 300 is stored. In this embodiment, it is assumed that at least the account balance of the customer specified by the user ID is included, and description of other data structures is omitted.

  The path determination DB 151, the pass / fail determination DB 152, the attribute determination DB 250, and the APL determination DB 260 use the user ID as a key item, and change the settings for each user, for each attribute, and for each type of application as described above. Is possible. At this time, for example, a value that considers the combination in advance for each setting is stored as a default value common to all users, and these values are set as initial values. The setting may be changeable by a registration / change operation from the user by an application, registration from a server based on an application from the user, or the like. The default value may be changed by a registration / change operation or the like by a system administrator or the like.

[Process flow]
Hereinafter, a flow of authentication processing in the risk-based authentication system of the present embodiment will be described. FIG. 8 shows a case where only the parts related to the multistage authentication connection unit 120 and the multistage authentication server 200 corresponding to the risk-based authentication system are extracted from the online system shown in FIG. 1 and all the authentication means in the multistage authentication server 200 are executed. It is the figure which showed the example of the flow of the process. In the drawing, each process and the flow of the process are indicated by parenthesized numerals and solid arrows, and the contents of each process will be described in order below.

  (1) When an access request from a user is generated by the client terminal 600, when the normal authentication process in the authentication unit 110 of the Web AP server 100 is permitted, the multistage authentication connection unit 120 is requested to perform risk-based authentication. . The access from the user is not limited to the login process, and risk-based authentication can be applied to various accesses such as a transaction process for executing an application.

  (2) The path determination unit 121 refers to the path determination DB 151 using the user ID included in the access request from the user as a key, and determines an authentication unit to be executed (passed). That is, for the target user ID, the value of the pass authentication field corresponding to the entry for which no value is set in the authentication score field (authentication has not yet been performed) is acquired from the path determination DB 151. Here, it is first determined that authentication by “IP address determination” is performed.

  (3) The path determination unit 121 requests the IP address determination unit 211 of the multi-stage authentication server 200 for authentication, that is, a risk level evaluation.

  (4) The IP address determination unit 211 refers to the risk DB 241 and the RBA DB 242 to perform determination based on the blacklist for the IP address and country of the access environment, and calculates the numerical value of the risk level evaluation result to determine the path. Responds to the unit 121.

  (5) The path determination unit 121 stores the numerical value of the risk level evaluation result returned from the IP address determination unit 211 in (4) in the authentication score field of the corresponding entry in the path determination DB 151, and (2) Similar processing is performed. Here, it is determined that authentication is performed by “rule / behavior analysis”.

  (6) The path determination unit 121 requests the rule / behavior analysis unit 212 of the multi-stage authentication server 200 to evaluate the risk level.

  (7) The rule / behavior analysis unit 212 refers to the RBA DB 242 and performs rule analysis and behavior analysis. That is, based on the access history of the user stored in the RBA DB 242, a comparison with an access pattern with high suspicion such as fraud and a comparison with a past behavior pattern of the user is performed, and a numerical value of the risk level evaluation result is obtained. Calculate and respond to the path determination unit 121.

  (8) Similarly to the processing of (5), the path determination unit 121 uses the numerical value of the risk level evaluation result returned from the rule / behavior analysis unit 212 in (7) as the authentication score of the corresponding entry in the path determination DB 151. Store in the field and perform the same processing as in (2). Here, it is determined that authentication is performed by “attribute determination”.

  (9) The path determination unit 121 requests the attribute determination unit 220 of the multi-stage authentication server 200 to evaluate the risk level.

  (10) The attribute determination unit 220 evaluates the risk level by attribute determination with reference to the attribute determination DB 250, customer DB 410, etc. using the user ID as a key, calculates a numerical value of the evaluation result, and responds to the path determination unit 121 . Here, according to the setting contents for each user in the attribute determination DB 250, for example, when the account balance authentication enhancement application field is set to “Y”, the account balance value in the customer DB 410 and the reference account in the attribute determination DB 250 Compare the value of the balance field, and if the account balance is more than the standard account balance, subtract XX points or compress it to XX% for the score of the evaluation result otherwise Evaluation can be made stricter by lowering the score.

  Further, when the field for overseas use application in the attribute determination DB 250 is set to “Y”, the country of the user's access environment and the target application are set in the country of use country and available APL fields of the attribute determination DB 250. If it is applicable to the country and application, the score of the evaluation result can be increased, and if not applicable, the score of the evaluation result can be decreased to make the evaluation stricter.

  Further, when the field of the authentication enhancement application in the attribute determination DB 250 is set to “Y”, the evaluation is made strict by lowering the score by further subtracting xx points from the score of the evaluation result of the entire attribute determination. It is possible. Moreover, not only these conditions but other conditions may be added.

  (11) Similarly to the processing of (5), the path determination unit 121 uses the numerical value of the risk level evaluation result returned from the attribute determination unit 220 in (10) as the authentication score field of the corresponding entry in the path determination DB 151. Store and perform the same processing as in (2). Here, it is determined that authentication is performed by “application determination”.

  (12) The path determination unit 121 requests the application determination unit 230 of the multistage authentication server 200 to evaluate the risk level.

  (13) The application determination unit 230 refers to the APL determination DB 260 using the user ID as a key, evaluates the risk level according to the type of application, etc., calculates a numerical value of the evaluation result, and responds to the path determination unit 121. Here, according to the setting contents for each user in the APL determination DB 260, for example, when the application name or parameter of the transaction is set in the application or parameter condition field of the APL determination DB 260, the case is not applicable. Evaluation can be made stricter by lowering the score by subtracting XX points from the score of the evaluation result or compressing to XX%.

  This makes it possible to increase the authentication strength only when necessary, for example, by changing the authentication strength between actually pressing the `` Purchase '' button when purchasing a product and when changing screens when selecting a product. Yes, it is possible to avoid unnecessary additional authentication while maintaining security.

  (14) Similar to the processing of (5), the path determination unit 121 uses the numerical value of the risk level evaluation result returned from the application determination unit 230 in (13) as the authentication score field of the corresponding entry in the path determination DB 151. Store and perform the same processing as in (2). Here, since it is determined that all authentication has been completed, the authentication score for each authentication means stored in the path determination DB 151 is sent to the pass / fail determination unit 122.

(15) The pass / fail determination unit 122 refers to the pass / fail determination DB 152 using the user ID as a key, and calculates the total score of the risk level evaluation results based on the authentication score for each authentication means sent from the path determination unit 121. Calculate and make a final pass / fail decision. The calculation of the total score of the risk level evaluation results, for example, for each authentication means, by acquiring the value of the field for the summation time ratio from the pass / fail judgment DB 152, and for each summing time corresponding to the number of authentication points for each authentication means The sum of the product of the ratio values can be summed up. That is,
Total score =
(Authentication score by IP address determination x IP address determination total ratio)
+ (Certification score by rule / behavior analysis x Ratio of rules / behavior analysis combined)
+ (Authentication score by attribute judgment x ratio when attribute judgment is added)
...
+ (Authentication score based on application judgment x percentage of application judgment combined)
It becomes. Furthermore, the value of the passing score field for the user is acquired from the pass / fail determination DB 152, and the calculated total score is compared with the acquired passing score to determine whether the total score is equal to or higher than the passing score. If the total score is greater than or equal to the passing score, it will be accepted, and if it is less than the passing score, it will be rejected.

  (16) If the result of the pass / fail determination in (15) is acceptable, normal screen transition is performed by the PL base unit 130 and the screen control unit 140 of the Web AP server 100 and the client terminal 600 is responded. If the result of the pass / fail determination in (15) is unsuccessful, an identity verification execution request or access denial by additional authentication is executed.

[Concrete example]
Hereinafter, the flow of the authentication process in the risk-based authentication system of the above-described embodiment in FIG. 8 will be described with reference to specific data examples. It is assumed that the specific value of each DB is the same as the example shown in FIGS. 2 to 7 and the user with the user ID “A10001” has accessed. In addition, it is assumed that the account balance of the user is registered as 15 million yen in the customer DB 410.

  (1) The path determination unit 121 of the multistage authentication connection unit 120 receives a request for risk-based authentication through access from the user with the user ID “A10001”.

  (2) The path determination unit 121 refers to the path determination DB 151 using the user ID “A10001” as a key, and determines an authentication unit to be executed. Here, it is first determined that authentication by “IP address determination” is performed.

  (3) The path determination unit 121 requests the IP address determination unit 211 of the multistage authentication server 200 to evaluate the risk level.

  (4) The IP address determination unit 211 refers to the risk DB 241 and the RBA DB 242 to perform determination based on the blacklist for the IP address and country of the access environment, and calculates the numerical value of the risk level evaluation result to determine the path. Responds to the unit 121. Here, it is shown that the numerical value of the risk level evaluation result was 100 points.

  (5) The path determination unit 121 stores the numerical value (100 points) of the risk level evaluation result returned from the IP address determination unit 211 in (4) in the authentication score field of the corresponding entry in the path determination DB 151, Processing similar to (2) is performed. Here, it is determined that authentication is performed by “attribute determination”.

  (9) The path determination unit 121 requests the attribute determination unit 220 of the multi-stage authentication server 200 to evaluate the risk level.

  (10) The attribute determination unit 220 refers to the attribute determination DB 250, customer DB 410, etc. using the user ID “A10001” as a key, evaluates the risk level by attribute determination, calculates the numerical value of the evaluation result, and determines the path determination unit. Respond to 121. Here, in the example of the attribute determination DB 250 in FIG. 6, the user ID “A10001” calculates the account balance evaluation result because the value of the account balance authentication enhancement application field is set to “Y”. And add. In the example of the attribute determination DB 250 in FIG. 6, since the field of the reference account balance is set to 10 million yen, the account balance (15 million yen) is larger than the reference account balance (10 million yen). In order to make the evaluation of more strict, it is assumed that, for example, 50 points are obtained as a result of subtracting a predetermined number of points from the number of points normally added.

  In addition, because the field of the application for strengthening authentication is set to “Y”, a predetermined score is further subtracted from the evaluation score of the entire attribute judgment (in this example, 50 points) in order to make the evaluation of the entire attribute judgment more strict. As a result, the numerical value of the risk level evaluation result is 30 points.

  (14) Similar to the processing of (5), the path determination unit 121 uses the numerical value (30 points) of the risk level evaluation result returned from the attribute determination unit 220 in (10) to authenticate the corresponding entry in the path determination DB 151. The data is stored in the score field, and the same processing as in (2) is performed. Here, since it is determined that all authentication has been completed, the authentication score for each authentication means stored in the path determination DB 151 is sent to the pass / fail determination unit 122.

(15) The pass / fail determination unit 122 refers to the pass / fail determination DB 152 using the user ID “A10001” as a key, and based on the authentication score for each authentication means sent from the path determination unit 121, the risk level evaluation result The total score is calculated and a final pass / fail decision is made. Here, in the pass / fail judgment DB 152 of FIG. 3, for the user, the summation time ratio of “IP address judgment” is 2, and the summation time ratio of “attribute judgment” is 3, so the total score is
Total points = (100 points × 2) + (30 points × 3) = 290 points. Here, in the pass / fail determination DB 152 of FIG. 3, since the passing score is 200 for the user, it is determined to be passing.

  (16) Since the result of the pass / fail determination in (15) is acceptable, normal screen transition is performed by the PL base unit 130 or the screen control unit 140 of the Web AP server 100 and the client terminal 600 is responded.

  In the risk-based authentication system of this embodiment, as in the example described above, only the authentication means set in the pass authentication field of the path determination DB 151 is executed, and no other authentication means is executed. Although it is configured, it is executed for all the authentication means regardless of the setting of the bus determination DB 151, and the total risk level in the pass / fail determination unit 122 is only for the authentication means set in the pass authentication field of the pass determination DB 151. It is also possible to adopt a configuration in which the score is to be added at the time of score calculation (for other authentication means, the risk level is evaluated but does not contribute to the calculation of the total score).

  Further, for example, only when the value of the field of the overseas use application or the account balance authentication enhancement application in the attribute determination DB 250 is “Y” when the risk level evaluation result is digitized by the attribute determination unit 220 The item evaluation result is digitized and added, but when the value is “N”, the item evaluation result is uniformly added as a full score or a predetermined score. Also good.

  In addition, the risk level evaluation results for each authentication means and the specific calculation method for total points (scoring and ratio for each condition, points to be subtracted when making evaluation strict, compression ratio, calculation formula, etc.) are described above. Of course, the present invention is not limited to such an example, and various methods can be taken. Further, the evaluation is not limited to the score, but may be evaluation based on a level or the like.

[Modification of system configuration]
Below, the modification of the system configuration | structure of the risk-based authentication system of this Embodiment is demonstrated. FIG. 9 is a diagram schematically showing a system configuration example of an online system having the risk-based authentication system of the present embodiment shown in FIG.

  In the configuration shown in FIG. 9, the risk-based authentication system includes a multi-stage authentication connection unit 120 and a multi-stage authentication server 200. The multi-stage authentication connection unit 120 includes a path determination unit 121 and a pass / fail determination unit 122, and the Web AP server 100 Is placed on top. The multi-stage authentication server 200 is a multi-stage authentication unit having authentication means for performing each authentication in risk-based authentication. In the risk-based authentication system according to the present embodiment, the risk-based authentication unit 210, the attribute determination unit 220, and the application determination Part 230.

  The configuration shown in FIG. 9 is realized by newly arranging software on the Web AP server 100 and the risk-based authentication server 800 with respect to the conventional risk-based authentication system shown in FIG. Here, in the multi-stage authentication server 200, for example, when the risk-based authentication unit 210 that performs risk-based authentication according to the conventional technology is mounted as a package such as a product, the attribute determination unit 220 and the application determination unit 230 are It may be implemented as software different from the package constituting the authentication unit 210, or may be implemented in the form of function expansion of the package itself constituting the risk-based authentication unit 210.

  On the other hand, FIG. 10 is a diagram schematically showing another system configuration example of the online system having the risk-based authentication system of the present embodiment shown in FIG. In the configuration shown in FIG. 10, the risk-based authentication system includes a multi-stage authentication server 700 and a risk-based authentication server 800. The multi-stage authentication server 700 includes the path determination unit 121, pass / fail determination unit 122, and attribute determination unit 220 shown in FIG. The path determination unit 710, the pass / fail determination unit 720, the attribute determination unit 730, and the application determination unit 740 have the same functions as the application determination unit 230.

  In the configuration shown in FIG. 10, the risk-based authentication server 800 is the same as that shown in FIG. 11, and the Web AP server 100 and the risk-based authentication server 800 are different from the conventional risk-based authentication system shown in FIG. The configuration is realized by newly constructing a dedicated multi-stage authentication server 700 in between.

  When implementing the risk-based authentication system, select the software implementation method shown in the example of FIG. 9, the implementation method using the dedicated server shown in the example of FIG. It is possible to apply.

  As described above, according to the risk-based authentication system of the present embodiment, in addition to the risk-based authentication in the conventional risk-based authentication system, the attribute-based determination unit 220, the application determination unit 230, etc. It is possible to change the evaluation result of the risk level according to each attribute and transaction attribute. Moreover, it is possible to change the conditions in the risk level evaluation for each user.

  In addition, at the entrance of risk-based authentication, the path determination DB 151 can customize which authentication is performed for each user, and a new authentication unit for evaluating the risk level can be added as necessary. Easy. In addition, at the time of pass / fail determination at the risk-based authentication exit, the pass / fail determination method can be customized for each user. As a result, the risk level evaluation result in the risk-based authentication can be changed according to the user attribute, the transaction attribute, the instruction from the user, etc., and it is possible to realize a flexible risk-based authentication.

  In addition, according to the risk-based authentication system of this embodiment, the user can register the environment that he / she uses in advance, the transactions that can be used according to the environment and their attributes, etc. It is possible to enhance the convenience of the user who performs the operation and to strengthen authentication for access from an environment that the user does not use.

  As mentioned above, the invention made by the present inventor has been specifically described based on the embodiment. However, the present invention is not limited to the embodiment, and various modifications can be made without departing from the scope of the invention. Needless to say.

  The present invention is applicable to an authentication system and an authentication method for performing risk-based authentication in an online system or the like.

It is a figure which shows the outline | summary of the structural example of the online system which has a risk-based authentication system of one embodiment of this invention. It is the figure which showed the data structure and specific example of data of path | pass judgment DB in one embodiment of this invention. It is the figure which showed the example of the data structure and specific data of the pass / fail judgment DB in one embodiment of this invention. It is the figure which showed the data structure of risk DB and the example of specific data in one embodiment of this invention. It is the figure which showed the data structure of RBA DB in one embodiment of this invention, and the example of concrete data. It is the figure which showed the example of the data structure and specific data of attribute judgment DB in one embodiment of this invention. It is the figure which showed the example of the data structure and specific data of APL judgment DB in one embodiment of this invention. It is the figure which showed the example of the flow of the process in one embodiment of this invention. It is the figure which showed the outline about the system configuration example of the online system which has a risk-based authentication system of one embodiment of this invention. It is the figure which showed the outline about another system structural example of the online system which has a risk-based authentication system of one embodiment of this invention. It is a figure which shows the outline | summary of the structural example of the online system which has a risk-based authentication system by a prior art.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 ... Web AP server, 110 ... Authentication part, 120 ... Multi-stage authentication connection part, 121 ... Pass judgment part, 122 ... Pass / fail judgment part, 130 ... PL base part, 140 ... Screen control part, 151 ... Path judgment DB, 152 ... Pass / fail judgment DB, 200 ... multi-stage authentication server, 210 ... risk-based authentication unit, 211 ... IP address judgment unit, 212 ... rule / behavior analysis unit, 220 ... attribute judgment unit, 230 ... application judgment unit, 241 ... risk DB, 242 ... RBA DB, 250 ... Attribute judgment DB, 260 ... APL judgment DB, 300 ... APL server, 400 ... DB server, 410 ... Customer DB, 500 ... Network, 600 ... Client terminal,
700 ... Multi-stage authentication server, 710 ... Path determination unit, 720 ... Pass / fail determination unit, 730 ... Attribute determination unit, 740 ... Application determination unit, 800 ... Risk-based authentication server, 810 ... IP address determination unit, 820 ... Rule / behavior analysis Part,
831 ... Risk DB, 832 ... RBA DB.

Claims (8)

When authenticating access from a user in a computer system, the risk level of the access is evaluated by rule analysis or behavior analysis based on historical access history information from the user or the environment of the access source. A risk-based authentication system for changing an authentication level for the access based on the evaluation result,
A risk-based authentication unit that performs the rule analysis and the behavior analysis to evaluate the risk level for the access; and
An attribute determination unit that evaluates the risk level for the access based on information on attributes for each user;
A multi-stage authentication unit including a plurality of authentication means for evaluating the risk level for the access, including the risk-based authentication unit and the attribute determination unit;
A path determination unit that requests each of the authentication means of the multi-stage authentication unit to evaluate the risk level and obtain the evaluation result;
A pass / fail determination unit that evaluates the final risk level for the access based on the evaluation result of each risk level acquired by the path determination unit, and changes the authentication level for the access based on the evaluation result; A risk-based authentication system characterized by comprising: The risk-based authentication system according to claim 1,
The multi-stage authentication unit further includes, as the authentication unit, an application determination unit that evaluates the risk level for the access based on information on a type of the application to be accessed and parameter information for the application. Risk-based authentication system. The risk-based authentication system according to claim 1,
A risk-based authentication system characterized in that conditions for evaluating the risk level in the attribute determination unit can be set in advance for each user and each attribute. The risk-based authentication system according to claim 2,
A risk-based authentication system, wherein conditions for evaluating the risk level in the application determination unit can be set in advance for each user and each type of application. In the risk-based authentication system according to claim 3 or 4,
A risk base characterized in that a predetermined value can be set in advance for a combination of a condition for evaluating the risk level in the attribute determination unit and a condition for evaluating the risk level in the application determination unit Authentication system. In the risk-based authentication system according to claim 1 or 2,
The risk characterized in that the type of the authentication means that is a target when requesting the risk level evaluation request to the multistage authentication unit in the path determination unit can be set in advance for each user. Base authentication system. In the risk-based authentication system according to claim 1 or 2,
A risk in which a condition for evaluating the final risk level for the access in the pass / fail judgment unit and a criterion for changing the authentication level for the access can be set in advance for each user. Base authentication system. When authenticating access from a user in a computer system, the risk level of the access is evaluated by rule analysis or behavior analysis based on historical access history information from the user or the environment of the access source. A risk-based authentication method for changing an authentication level for the access based on the evaluation result,
When the computer system receives the access from the user,
Risk-based authentication for performing the rule analysis and the behavior analysis to evaluate the risk level for the access; and
Attribute determination to evaluate the risk level for the access based on information about the attribute for each user;
Of the application judgment that evaluates the risk level for the access based on the type of application to be accessed and information on parameters for the application,
Executing at least one authentication procedure based on conditions set in advance by the user to obtain an evaluation result of the risk level by each authentication procedure;
The final risk level for the access is evaluated based on the evaluation result of the risk level acquired by each authentication procedure, and the authentication level for the access is changed based on the evaluation result. Risk-based authentication method.

Images