THE METHOD OF SERVICE TO PREVENT USING PERSONAL INFORMATION BY STEALTH
Technical Field The present invention relates to prevention of personal information from being used by stealth.
Background Art There are lots of authentication techniques for authenticating a user. Actually, methods such as public authentication or biometrics make a good score in stability. In existing authentication methods, however, stability is high, but convenience or popularity is low. For this reason, many services are mainly limited to authentication methods in which a password only is confirmed. As such, there frequently occur many cases where privacy is infringed by evading such shabby authentication methods and appropriating others' ID. Economic damages are also incurred on the Internet by using others' personal information by stealth.
Technical Problem Accordingly, the present invention has been made to prevent such appropriation cases, and it is an object of the present invention to provide a method in which a user can sense and prevent appropriation of his or her personal information or ID
in real time anywhere on the Internet.
Advantageous Effects
According to the present invention, a user is allowed to log in a program serving as a sensor for inquiring an authentication server about personal information. Thus, appropriation in many service web sites that operate shabby authentication systems having a risk of appropriation can be sensed and prohibited in an integral manner.
Brief Description of Drawings FIG. 1 shows the configuration and flowchart thereof according to the present invention.
Best Mode for Carrying Out the Invention The present invention will now be described in detail in connection with preferred embodiments with reference to the accompanying drawings . FIG. 1 shows the configuration and flowchart thereof according to the present invention. An authentication server 5, a plurality of service servers 9, and a plurality of user computers 6, 7 are all interconnected through a network. The authentication server 5 is installed with a program for
authenticating a user 6 for other service servers 9. The service server 9 is a server for providing services to the user 6. The service server 9 is programmed to request authentication from the authentication server 5 even after a login process is finished when a user, who tries to become a member, wants payment or tries to login, tries to have himself or herself authenticated. In order to perform the user authentication for member joining or payment through real name, the service server 9 is programmed to inquire the authentication server about real name information that is input from the user. In the case where authentication of a user who tries to login is performed, the service server 9 is programmed to inquire real name information or an authentication ID 1 of the authentication server. To this end, the service server has the authentication ID 1 of the user recorded in member information previously. Tables shown in FIG. 1 indicate database records recorded in the authentication server and the service server. The user computer 6 is installed with an appropriation- sensing program, which is programmed to log in the authentication server 5. The process according to the present invention will now be described. An exemplary process shown in FIG. 1 is a case where others 7 use an ID 10 of the user 6 by stealth in a state where the user 6 is being logged in the authentication server 5. 1. Appropriation-sensing program login process
If the user 6 powers a computer on at his of her working place, an appropriation-sensing program is automatically executed. The user logs in the authentication server 5 through a predetermined authentication procedure (SI). The authentication server 5 records an access IP 3 of the user who has logged in (S2) . This means informing the authentication server 5 of the fact that the user 6 is located just at a location 3 where he or she is logged in. This tells that authentication of the user at other locations is an appropriation attempt. 2. Authentication request process If users 6, 7 have access to a predetermined service server 9 to become a member, or input an ID 10 and a password 11 to log in (S3) , the service server 9 inquires an authentication server about a user's real name information input by the user or an authentication server ID 1 recorded in member information in order to carry out the user authentication (S4). 3. Authentication request location confirmation process If authentication is required from the service server 9, an input interface 8 through which a password of the authentication server ID is input is called on a user screen 7 (S5) . The password input interface 8 includes an applet that acquires and reports an IP of a user computer, and is directly connected to the authentication server 5. Thus, the password input interface 8 can acquire an access IP 4 of the user (S5) along with output. 4. Access location comparison process
The authentication server 5 confirms whether the login location 3 exists in a current authentication server by inquiring the requested real name information or ID 1 (S6) , and compares the confirmed login location 3 with the access location 4 for which authentication is required (S7). If the login location 3 exists, the authentication server 5 determines that the user is in a login state. If the login location 3 does not exist, the authentication server 5 determines that the user is in a logout state. 5. Authentication process In the case where the user 6 for which authentication is requested is in a login state to the authentication server, if the access location 4 of the user 6 for which authentication is requested is different from the login access location 3, the authentication procedure is not performed. When two access locations 3 and 4 are identical to each other, the authentication procedure is performed. Meanwhile, the authentication procedure may be set to be omitted depending upon a degree of the importance of a service when the two access locations 3 and 4 are identical to each other. If the user is in a logout state to the authentication server 5, the authentication procedure is performed, and the results are sent to the service server 9. The authentication procedure may employ various technologies for identifying the user not the password
confirmation type. 6. Prohibition and alarm process If the access location 4 of the user for which authentication is requested in the authentication process and the access location 3 of the user who has logged in the authentication server are different from each other, this is estimated as an appropriation attempt, and a corresponding authentication case is regarded as authentication fail 8. An alarm message is sent to the user 6 who has logged in using the appropriation-sensing program (S8). The alarm message can include the access IP 4, which is collected in the authentication request location tracking process, so as to utilize it as a report material. This makes the person 7 who attempts appropriations feel that a danger of appropriation is high, and can discourage the person 7 to attempt appropriation. The main configuration of the present invention has been described so far. However, since the importance of ID security in a given service may be different according to a user, services in which only existing ID and password are confirmed and the user authentication process according to the present invention is optionally omitted can be more preferred. That is, this service is for a person who wants to log in more simply than experiencing the user authentication procedure since it is not important to him. As a result, for the purpose of his ID
security, a person who has joined in the authentication server registers his authentication ID in a web site that supports an ID security service, the service web site allows only members whose authentication IDs are registered among members that log in to experience the user authentication procedure. In FIG. 1, a person whose authentication ID 1 is recorded in member information within the service server is allowed to experience the user authentication procedure, and a person not having the authentication ID 1 can directly use services.