WO2013076821A1 - Authentication method and authentication server for authenticating portable terminal - Google Patents

Authentication method and authentication server for authenticating portable terminal

Info

Publication number
WO2013076821A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
telephone number
mobile terminal
procedure
call
Application number
PCT/JP2011/076943
Other languages
French (fr)
Japanese (ja)
Inventor
雅巳 木原
Original Assignee
学校法人日本大学
Application filed by 学校法人日本大学
Priority to PCT/JP2011/076943
Publication of WO2013076821A1

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/313User authentication using a call-back technique via a telephone network
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/42User authentication using separate channels for security data
    • G06F21/43User authentication using separate channels for security data wireless channels

Definitions

  • the present invention relates to an authentication method and an authentication server for authenticating a mobile terminal.
  • the subscriber unique number is used for mobile phone authentication.
  • the mobile phone is rarely separated from the individual and is part of the user as much as the user's biometric authentication, and authenticating the mobile phone itself is equivalent to authenticating the user,
  • One of the features is that the user does not need to memorize it like a password. Because it is easy to use, it is used for user authentication in Internet services.
  • An authentication method for authenticating a mobile terminal in addition to a contractor's unique number has been proposed (see, for example, Patent Documents 1 and 2).
  • in the invention of Patent Document 1, the authentication server side places a call to the user's mobile phone through a telephone line and has the user enter the phone number on the authentication server side.
  • an ID is transmitted from the authentication server to the receiver terminal using the Internet connection function, and an ID is transmitted from the receiver's mobile phone to the authentication server using the telephone connection function.
  • the contractor's unique number is a convenient authentication method, but there is a drawback that it cannot be used with smartphones whose sales volume is currently increasing. This is because smartphones have a more general computer-like device configuration and network configuration.
  • Since the inventions of Patent Documents 1 and 2 only use the telephone connection function as a means for transmitting and receiving IDs or passwords, there is a problem that an unauthorized user can impersonate an authorized user with the cooperation of that authorized user.
  • an object of the present invention is to prevent spoofing by an unauthorized user even when there is cooperation of a regular user.
  • an authentication method and an authentication server for authenticating a mobile terminal of the present invention notify an authentication server-side authentication telephone number from the authentication server to the user's mobile terminal, and the mobile terminal authenticates the authentication.
  • the authentication server can identify whether it is a legitimate user's phone number; two types of information are used to enable user authentication.
  • an authentication method for authenticating a mobile terminal of the present invention includes, in this order: a basic authentication information transmission procedure for transmitting basic authentication information, including information for identifying the mobile terminal, from the mobile terminal to the authentication server; a telephone number notification procedure for determining whether or not the received basic authentication information matches the basic authentication information of the mobile terminal stored in advance in the authentication server and, if they match, notifying the mobile terminal of an authentication telephone number from the authentication server; a calling procedure for calling from the mobile terminal to the authentication telephone number through a telephone line; and a determination procedure in which authentication succeeds when the caller telephone number in the calling procedure matches the telephone number of the mobile terminal stored in advance in the authentication server and the called party telephone number in the calling procedure matches the authentication telephone number notified in the telephone number notification procedure.
  • the authentication method for authenticating the mobile terminal of the present invention has a basic authentication information transmission procedure, it is possible to prevent an authentication telephone number from being acquired by a person other than the registered authorized user. Thereby, even if a portable terminal is stolen, impersonation by persons other than the user of a portable terminal can be prevented. Furthermore, since the authentication method for authenticating the portable terminal of the present invention has a telephone number notification procedure, a calling procedure, and a determination procedure, authentication is performed using two pieces of information: the telephone number of the portable terminal and the telephone number notified by the authentication server. It can be carried out. Thereby, even if there is cooperation of a regular user, impersonation by an unauthorized user can be prevented.
  • a call procedure comprising the telephone number notification procedure and the calling procedure is repeatedly performed, and in the telephone number notification procedure, an authentication telephone number is notified from the authentication server to the portable terminal.
  • the time interval at which the call is made varies depending on the telephone number notification procedure.
  • the time interval between the times at which calls are made from the mobile terminal is measured. If the time interval at which the authentication server notifies the mobile terminal of the authentication telephone number in the telephone number notification procedure matches the time interval between the times at which calls were made from the mobile terminal in the calling procedure, it may be determined that the authentication is successful.
  • impersonation by an unauthorized user can be made even more difficult even when there is cooperation from an authorized user.
  • a telephone call procedure comprising the telephone number notification procedure and the calling procedure may be performed repeatedly, with the authentication telephone number notified from the authentication server to the mobile terminal being different for each telephone number notification procedure. In the determination procedure, if all caller telephone numbers match the telephone number of the mobile terminal stored in advance, and each called party telephone number matches the authentication telephone number notified immediately before the corresponding calling procedure, it may be determined that the authentication is successful. According to the present invention, a telephone number that cannot be predicted can be notified to the mobile terminal, so that the authentication accuracy can be improved.
  • in the authentication method for authenticating a mobile terminal, the time required from when the authentication telephone number is notified from the authentication server to the mobile terminal in the telephone number notification procedure until the call is made in the calling procedure may be measured, and in the determination procedure, it may be determined that the authentication is successful if the required time is within a predetermined time. According to the present invention, impersonation by an unauthorized user can be made even more difficult even when there is cooperation from an authorized user.
  • a timing for calling the portable terminal is further specified.
  • a command is transmitted from the authentication server to the mobile terminal, and the mobile terminal makes a call at the timing when the command is issued in the call origination procedure.
  • the call timing from the mobile terminal is further determined. If it matches the command, it may be determined that the authentication is successful. According to the present invention, impersonation by an unauthorized user can be made even more difficult even when there is cooperation from an authorized user.
  • in the authentication method for authenticating a mobile terminal, when the mobile terminal is notified of an authentication telephone number from the authentication server in the telephone number notification procedure, a command for reading out information unique to the mobile terminal may be transmitted from the authentication server to the mobile terminal; when the mobile terminal makes a call in the calling procedure, the commanded information is read from the mobile terminal and transmitted to the authentication server; and in the determination procedure, it may further be determined that the authentication is successful when the information received from the mobile terminal matches the information unique to the mobile terminal stored in advance. According to the present invention, it is possible to confirm whether or not the mobile terminal that has made a call to the authentication server is a mobile terminal that is stored in advance in the authentication server. Thereby, impersonation by an unauthorized user can be made more difficult.
  • in the telephone number notification procedure, when the authentication telephone number is notified from the authentication server to the mobile terminal, the authentication telephone number may be encrypted using information unique to the mobile terminal and then notified, and in the calling procedure, the encrypted authentication telephone number may be decrypted using the information unique to the mobile terminal and the decrypted authentication telephone number called through the telephone line.
  • According to the present invention, it is possible to confirm whether or not the mobile terminal that has made a call to the authentication server is a mobile terminal that is stored in advance in the authentication server. Thereby, impersonation by an unauthorized user can be made more difficult.
  • the authentication server determines whether basic authentication information, which is stored in advance and includes information for identifying a mobile terminal, matches the basic authentication information transmitted from the mobile terminal.
  • a telephone number notification unit for notifying the mobile terminal of an authentication telephone number, and a telephone number authentication unit that determines that the authentication is successful when the called party telephone number of a call received from the mobile terminal matches the authentication telephone number notified by the telephone number notification unit and the caller telephone number is included in the basic authentication information stored in advance.
  • the authentication server of the present invention includes the basic authentication information determination unit, it is possible to prevent acquisition of an authentication telephone number by a person other than the registered regular user. Thereby, even if a portable terminal is stolen, impersonation by persons other than the user of a portable terminal can be prevented. Furthermore, since the authentication server of the present invention includes a phone number notification unit and a phone number authentication unit, authentication can be performed using two pieces of information: the phone number of the mobile terminal and the phone number notified by the authentication server. Thereby, even if there is cooperation of a regular user, impersonation by an unauthorized user can be prevented.
  • the telephone number notification unit notifies the mobile terminal of the authentication telephone number a plurality of times, with different time intervals between the times at which the authentication telephone number is notified to the mobile terminal.
  • the telephone number authentication unit measures the time interval between the times at which incoming calls are received from the mobile terminal, and it may be determined that the authentication is successful when the called party telephone number matches the authentication telephone number notified to the mobile terminal, the caller telephone number is included in the basic authentication information, and the time interval at which the mobile terminal is notified of the authentication telephone number and the time interval at which calls are received from the mobile terminal are the same. According to the present invention, impersonation by an unauthorized user can be made even more difficult even when there is cooperation from an authorized user.
  • the telephone number notification unit notifies the mobile terminal of an authentication telephone number a plurality of times, and notifies the mobile terminal of a different authentication telephone number each time the notification is made. When all caller telephone numbers match the telephone number of the mobile terminal stored in advance, and each called party telephone number matches the authentication telephone number notified to the mobile terminal immediately before the incoming call, it may be determined that the authentication is successful. According to the present invention, a telephone number that cannot be predicted can be notified to the mobile terminal, so that the authentication accuracy can be improved.
  • the telephone number authenticating unit measures a time required from the time when the telephone number notifying unit notifies the mobile phone of the authentication telephone number to the time when an incoming call is received from the mobile terminal, If the required time is within a predetermined time, it may be determined that the authentication is successful. According to the present invention, impersonation by an unauthorized user can be made even more difficult even when there is cooperation from an authorized user.
  • the telephone number notifying unit further specifies a timing at which the mobile terminal makes a call to the notified authentication telephone number when notifying the mobile terminal of the authentication telephone number.
  • the telephone number authenticating unit may determine that the authentication is successful when the incoming timing from the portable terminal matches the command. According to the present invention, impersonation by an unauthorized user can be made even more difficult even when there is cooperation from an authorized user.
  • the telephone number notification unit further transmits a command for reading out information unique to the mobile terminal when notifying the mobile terminal of the authentication telephone number, and the telephone number authentication unit may determine that the authentication is successful when the information received from the mobile terminal is included in the basic authentication information. According to the present invention, it is possible to confirm whether or not the mobile terminal that has made a call to the authentication server is a mobile terminal that is stored in advance in the authentication server. Thereby, impersonation by an unauthorized user can be made more difficult.
  • when the authentication server notifies the mobile terminal of the authentication telephone number, the telephone number notification unit may further encrypt the number using the secret information included in the basic authentication information and notify the encrypted number. According to the present invention, a terminal that is not a mobile terminal pre-stored in the authentication server cannot obtain the telephone number and make the call, so spoofing by an unauthorized user can be made even more difficult.
  • An example of the system configuration which performs the authentication method which authenticates the portable terminal which concerns on this embodiment is shown.
  • An example of a pickup diagram of the content storage function unit 23, the user information storage function unit 24, the authentication processing function unit 25, and the content transmission unit 26 is shown.
  • An example of the notification timing of the authentication server and the incoming timing from a portable terminal in Embodiment 3 is shown.
  • FIG. 1 shows an example of a system configuration for executing an authentication method for authenticating a mobile terminal according to the present embodiment.
  • the system configuration according to the present embodiment includes a mobile terminal 1 and an authentication server 2.
  • the conventional authentication method using the unique number of a mobile phone has the drawback that it cannot be used when the mobile terminal 1 is a smartphone, but the method of the present embodiment can be used even when the mobile terminal 1 is a smartphone.
  • the mobile terminal 1 includes a browser function unit 11 and a telephone call function unit 12.
  • the authentication server 2 includes a Web page publishing unit 21, a telephone incoming call function unit 22, a content storage function unit 23, a user information storage function unit 24, an authentication processing function unit 25, and a content transmission unit 26.
  • FIG. 2 shows an example of a pickup diagram of the content storage function unit 23, the user information storage function unit 24, the authentication processing function unit 25, and the content transmission unit 26.
  • the user information storage function unit 24 includes a basic authentication information determination unit 31 and a user information database 32.
  • the authentication processing function unit 25 includes a telephone number notification unit 33 and a telephone number authentication unit 34.
  • the authentication method for authenticating the mobile terminal includes a basic authentication information transmission procedure, a telephone number notification procedure, a calling procedure, and a determination procedure in this order.
  • in the basic authentication information transmission procedure, a user who requests content accesses the authentication server 2 using the browser function unit 11 of the mobile terminal 1 (step S1).
  • the authentication server 2 requests basic authentication information from the portable terminal 1 (step S2).
  • the basic authentication information is arbitrary information for authenticating the authorized user, for example, an ID and a password.
  • the basic authentication information may include information unique to the mobile terminal 1 such as a phone number of the mobile terminal 1 and an ID number of a SIM (Subscriber Identity Module) card.
  • the basic authentication information determination unit 31 of the authentication server 2 refers to the user information database 32 and determines whether the transmitted basic authentication information is stored in the user information database 32 in advance, that is, whether it is the basic authentication information of the authorized user (step S4). Then, the authentication result of the basic authentication information is transmitted to the telephone number notifying unit 33 of the authentication processing function unit 25 (step S5). If the basic authentication information belongs to a regular user, the telephone number notification unit 33 obtains an unused telephone number from the telephone incoming call function unit 22 and notifies the mobile terminal 1 of that free telephone number as the server-side authentication telephone number (step S6).
  • the incoming call function unit 22 of the authentication server 2 preferably has a plurality of server-side authentication telephone numbers TN 1 to TN N.
  • the telephone number notification unit 33 notifies the mobile terminal 1 of any server-side authentication telephone number TN 2 among the plurality of server-side authentication telephone numbers TN 1 to TN N.
  • different server-side authentication telephone numbers can be notified in response to an authentication request from the portable terminal 1.
  • although the mobile terminal 1 can learn the server-side authentication telephone number during communication with the authentication server 2, in this embodiment a plurality of server-side authentication telephone numbers are prepared, so it becomes difficult for an unauthorized user to guess the server-side authentication telephone number.
  • incoming calls to a server-side authentication telephone number are rejected until that number has been notified to the mobile terminal 1 and a call from the mobile terminal 1 is awaited.
  • Server-side authentication telephone numbers become widely known as authentication requests increase. In this state, if a method such as Wangiri (one-ring calls) is used so that the server-side authentication telephone number is always in use, the authorized user cannot be authenticated. To prevent this, the telephone reception function unit 22 preferably rejects calls to the server-side authentication telephone number until the number has been notified from the server and a telephone call from the user is expected.
  • the browser function unit 11 transfers the received server-side authentication phone number to the phone call function unit 12 (step S7).
  • the telephone call function unit 12 makes a telephone call to the transferred server-side authentication telephone number (step S8).
  • the telephone reception function unit 22 transfers the caller number to the authentication processing function unit 25 (step S9).
  • the telephone number authenticating unit 34 determines whether or not the called party telephone number matches the server-side authentication telephone number TN 2 notified by the telephone number notifying unit 33. Further, the telephone number authentication unit 34 determines whether or not the caller telephone number is included in the basic authentication information. If the called party telephone number and the server-side authentication telephone number notified by the telephone number notification unit 33 both equal TN 2, and the caller telephone number is stored in the user information database 32 as the telephone number of the mobile terminal 1, the telephone number authenticating unit 34 determines that the authentication is successful (step S10).
  • the authentication procedure of the present embodiment is a multi-factor authentication method that uses these three types of elements: a user ID and password, a server-side authentication phone number, and a user mobile phone number.
  • the authentication method and authentication server for authenticating the mobile terminal according to the present embodiment can prevent spoofing by a terminal other than that of the registered regular user even when there is cooperation of the regular user.
  • when the telephone number notification unit 33 notifies the mobile terminal 1 of the server-side authentication telephone number, it may further transmit a command for reading, from among the information included in the basic authentication information, information unique to the mobile terminal such as the SIM card ID number.
  • in the outgoing call procedure, the mobile terminal 1 reads the commanded information from its own terminal and transmits it to the authentication server 2.
  • the telephone number authenticating unit 34 determines that the authentication is successful when the information received from the mobile terminal 1 is included in the basic authentication information stored in the user information database 32. Thereby, it can authenticate using the four types of elements which added the specific information of the portable terminal 1 to the above-mentioned three types of elements. Therefore, it is possible to further make impersonation by terminals other than registered regular users more difficult.
  • the telephone number notification unit 33 may further encrypt the server-side authentication telephone number using the secret information included in the basic authentication information and notify the encrypted number.
  • the secret information may be information unique to the mobile terminal 1 such as the SIM card ID number, or the authentication server 2 may notify the mobile terminal 1 in advance.
  • the secret information is stored so as to be included in the basic authentication information of the user information database 32 every time it is changed.
  • the mobile terminal 1 decrypts the encrypted server-side authentication telephone number using predetermined secret information stored in the terminal, and makes a call to the decrypted server-side authentication telephone number. Thereby, authentication can use four types of elements: the specific information of the mobile terminal 1 added to the above-mentioned three types of elements. Therefore, impersonation by terminals other than those of registered regular users can be made even more difficult.
  • the authentication server 2 may be a program that causes a computer to sequentially execute a basic authentication information transmission procedure, a telephone number notification procedure, a transmission procedure, and a determination procedure.
  • an example of a multi-factor authentication method using three types of elements is used, but basic authentication information of a user and a telephone number for server side authentication may be used.
  • Embodiment 2: The authentication method and authentication server for authenticating the mobile terminal according to the present embodiment differ from the authentication method for authenticating the mobile terminal described in the first embodiment in the transmission procedure and the determination procedure. Hereinafter, differences from the first embodiment will be described.
  • the telephone number notification unit 33 stores the time when the mobile terminal 1 is notified of the server-side authentication telephone number in the user information database 32.
  • the telephone number authenticating unit 34 measures the time required from when the telephone number notifying unit 33 notifies the mobile terminal 1 of the server-side authentication telephone number until the mobile terminal 1 makes a call to the notified server-side authentication telephone number, and when the required time is within a predetermined time, it is determined that the authentication is successful.
  • the time until the mobile terminal 1 makes a call to the server-side authentication telephone number notified may be the time until the incoming call function unit 22 receives an incoming call.
  • the authentication method and the authentication server for authenticating the mobile terminal limit the time from when the mobile terminal 1 is notified of the server-side authentication telephone number to when a call is received from the mobile terminal 1. If that limit is exceeded, the terminal is not authenticated.
  • the telephone call function unit 12 automatically uses the mobile terminal 1 of the authorized user after the browser function unit 11 of the mobile terminal 1 receives the server-side authentication phone number.
  • the time required for making a call is a time that is equal to or longer than the minimum time previously measured.
  • the predetermined time may be the time required for the authentication server 2 to receive a call after the browser function unit 11 of the mobile terminal 1 receives the server-side authentication telephone number, and may be several seconds, for example.
  • the process of notifying the server-side authentication telephone number from the authentication server 2 and the process of making a telephone call from the portable terminal 1 to the server-side authentication telephone number can be automatically performed. Therefore, the time from when the authentication server 2 notifies its own server-side authentication telephone number to when the user's mobile terminal 1 makes a call is limited to a certain range. If it exceeds that, the authentication can be rejected because there is a possibility that the telephone call is made by some illegal means.
  • the authentication server 2 may be a program that causes a computer to sequentially execute a basic authentication information transmission procedure, a telephone number notification procedure, a transmission procedure, and a determination procedure.
  • In the authentication method and authentication server for authenticating a mobile terminal according to the present embodiment, a telephone call procedure including a telephone number notification procedure and an outgoing call procedure is repeatedly performed in the authentication method and authentication server for authenticating the mobile terminal described in the first and second embodiments.
  • points different from the first embodiment will be described with reference to FIG.
  • the telephone number notification unit 33 preferably notifies the mobile terminal 1 of the server-side authentication telephone number a plurality of times, and notifies the mobile terminal 1 of a different server-side authentication telephone number each time the notification is made. As a result, it is possible to prevent spoofing by acquiring the server-side authentication telephone number in advance.
  • The telephone number notification unit 33 performs notification S1 in the telephone number notification procedure, and the telephone incoming call function unit 22 receives the incoming call R1 from the mobile terminal 1 in the calling procedure.
  • The telephone number notification unit 33 performs notification S2 in the telephone number notification procedure, and the telephone incoming call function unit 22 receives the incoming call R2 from the mobile terminal 1 in the calling procedure.
  • The telephone number notification unit 33 performs notification S3 in the telephone number notification procedure, and the telephone incoming call function unit 22 receives the incoming call R3 from the mobile terminal 1 in the calling procedure.
  • In this way, the call procedure, consisting of the telephone number notification procedure and the calling procedure, is performed repeatedly. The determination procedure is performed thereafter.
  • The time interval between the points at which the telephone number notification unit 33 notifies the mobile terminal 1 of the server-side authentication telephone number differs for each telephone number notification procedure.
  • The time interval between the notification N1 and the notification N2 differs from the time interval between the notification N2 and the notification N3.
  • The telephone number authentication unit 34 measures the time intervals between incoming calls from the mobile terminal 1. For example, it measures the time interval from the incoming call R1 to the incoming call R2 and the time interval from the incoming call R2 to the incoming call R3. In addition to the determination described in the first or second embodiment, authentication is determined to be successful when the time intervals at which the server-side authentication telephone number was notified to the mobile terminal 1 match the time intervals between the incoming calls from the mobile terminal 1.
  • It is determined whether the time interval between the notification N1 and the notification N2 matches the time interval from the incoming call R1 to the incoming call R2, and whether the time interval between the notification N2 and the notification N3 matches the time interval from the incoming call R2 to the incoming call R3.
  • A delay time is provided between consecutive processes, and an overall authentication decision is made from the multiple authentication results.
  • The delay time between processes is preferably set at random.
  • The mobile terminal 1 transmits the notified server-side authentication telephone number.
  • A command designating the timing for making the call may be transmitted.
  • A time may be specified, or an elapsed time from the time of reception may be specified.
  • When the mobile terminal 1 makes a telephone call in the calling procedure, it calls the notified server-side authentication telephone number at the timing specified by the command.
  • The telephone number authentication unit 34 determines that the authentication is successful when, in addition to the determination described in the first or second embodiment, the timing of the incoming call from the mobile terminal 1 matches the command.
  • The authentication server 2 may be a program that causes a computer to sequentially execute a basic authentication information transmission procedure, a call procedure, and a determination procedure.
  • The present invention can be applied to the information and communication industry.
  • 1: Mobile terminal; 2: Authentication server; 11: Browser function unit; 12: Telephone call function unit; 21: Web page publishing unit; 22: Telephone incoming call function unit; 23: Content storage function unit; 24: User information storage function unit; 25: Authentication processing function unit; 26: Content transmission unit; 31: Basic authentication information determination unit; 32: User information database; 33: Telephone number notification unit; 34: Telephone number authentication unit

Abstract

The purpose of the present invention is to prevent fraud by an illegitimate user even when a legitimate user cooperates. This authentication method and authentication server for authenticating a portable terminal involves: transmitting an authentication-server-side telephone number for authentication to a portable terminal (1) of a user from an authentication server (2); the portable terminal (1) calling the telephone number for authentication via a telephone line; and configuring the portable terminal (1) so that it transmits the caller telephone number at the time of said call. As a result, the authentication server (2) authenticates using the following two pieces of information: whether or not the portable terminal (1) telephone number is the telephone number of a legitimate user registered in advance; and whether or not the telephone number for authentication transmitted by the authentication server (2) matches.

Description

Authentication method and authentication server for authenticating portable terminal
The present invention relates to an authentication method and an authentication server for authenticating a mobile terminal.
Currently, a subscriber-unique number is used for mobile phone authentication. A mobile phone is rarely separated from its owner and has become part of the user to a degree comparable to the user's biometrics, so authenticating the mobile phone itself is equivalent to authenticating the user. One of its advantages is that the user does not need to memorize it as with a password. Because it is simple to use, it is used for user authentication in Internet services.
Authentication methods for authenticating a mobile terminal other than the subscriber-unique number have been proposed (see, for example, Patent Documents 1 and 2). In the invention of Patent Document 1, the authentication server side places a call to the user's mobile phone through a telephone line and has the user enter the telephone number of the authentication server side. In the invention of Patent Document 2, an ID is transmitted from the authentication server to the recipient's terminal using the Internet connection function, and the recipient's mobile phone is made to transmit the ID to the authentication server using the telephone connection function.
Japanese Unexamined Patent Application Publication (Translation of PCT Application) No. 2011-505100
Japanese Unexamined Patent Application Publication No. 2009-290282
Conventional mobile phones can be handled with a single authentication method. However, smartphone sales are currently growing, and an authentication method that supports smartphones is needed. Smartphones, for which new models are released one after another, behave differently depending on the carrier, the model, and the OS (operating system). Consequently, a single unified authentication method cannot authenticate them reliably. In the worst case, the authentication method has to be changed for each model.
The subscriber-unique number is a highly convenient authentication method, but it has the drawback that it cannot be used on smartphones, whose sales are currently growing. The reason is that smartphones have a device configuration and a network configuration more like those of a general-purpose computer.
User authentication that uses the telephone number of the user's mobile terminal can be used regardless of the model of the mobile terminal, but once the telephone number of the mobile terminal is stolen, impersonation can continue unless the telephone number is changed. With an authentication password sent by voice from the authentication server side, there is no need to change settings such as the telephone number even if the password is stolen, but with the cooperation of a legitimate user, an unauthorized user's mobile terminal can impersonate the legitimate user's mobile terminal.
The inventions of Patent Documents 1 and 2 merely use the telephone connection function as a means for transmitting and receiving an ID or a password, so with the cooperation of a legitimate user, an unauthorized user can impersonate the legitimate user.
Accordingly, an object of the present invention is to prevent impersonation by an unauthorized user even when a legitimate user cooperates.
To achieve the above object, in the authentication method and authentication server for authenticating a mobile terminal of the present invention, the authentication server notifies the user's mobile terminal of an authentication telephone number on the authentication server side. User authentication is made possible by using two pieces of information: the fact that the mobile terminal places a call to that authentication telephone number through a telephone line, and the fact that, with the mobile terminal set to present its caller telephone number at that time, the authentication server can identify whether the number is that of a legitimate user.
Because these two pieces of information are used, impersonation by an unauthorized user can be prevented even when a legitimate user cooperates. Furthermore, the method can be used wherever a telephone number capable of voice calls is available, so it can also be used on smartphones.
Specifically, the authentication method for authenticating a mobile terminal of the present invention includes, in order: a basic authentication information transmission procedure of transmitting basic authentication information, including information identifying the mobile terminal, from the mobile terminal to an authentication server; a telephone number notification procedure of determining whether the basic authentication information received by the authentication server matches the basic authentication information of the mobile terminal stored in advance in the authentication server and, if they match, notifying the mobile terminal of an authentication telephone number from the authentication server; a calling procedure of placing a call from the mobile terminal to the authentication telephone number through a telephone line; and a determination procedure of determining that authentication is successful when the caller telephone number in the calling procedure matches the telephone number of the mobile terminal stored in advance in the authentication server and the called telephone number in the calling procedure matches the authentication telephone number notified in the telephone number notification procedure.
Because the authentication method for authenticating a mobile terminal of the present invention includes the basic authentication information transmission procedure, it can prevent anyone other than a registered legitimate user from obtaining the authentication telephone number. As a result, even if the mobile terminal is stolen, impersonation by someone other than the user of the mobile terminal can be prevented. Furthermore, because the method includes the telephone number notification procedure, the calling procedure, and the determination procedure, authentication can be performed using two pieces of information: the telephone number of the mobile terminal and the telephone number notified by the authentication server. As a result, impersonation by an unauthorized user can be prevented even when a legitimate user cooperates.
In the authentication method for authenticating a mobile terminal of the present invention, a call procedure consisting of the telephone number notification procedure and the calling procedure may be performed repeatedly; in the telephone number notification procedure, the time interval between the points at which the authentication telephone number is notified from the authentication server to the mobile terminal differs for each telephone number notification procedure; in the calling procedure, the time intervals between the points at which calls are made from the mobile terminal are measured; and in the determination procedure, authentication is determined to be successful when, in addition, the time intervals at which the authentication server notified the mobile terminal of the authentication telephone number in the telephone number notification procedure match the time intervals between the points at which calls were made from the mobile terminal in the calling procedure.
According to the present invention, impersonation by an unauthorized user can be made even more difficult, even when a legitimate user cooperates.
In the authentication method for authenticating a mobile terminal of the present invention, a call procedure consisting of the telephone number notification procedure and the calling procedure may be performed repeatedly; the authentication telephone number notified from the authentication server to the mobile terminal in the telephone number notification procedure differs for each telephone number notification procedure; and in the determination procedure, authentication is determined to be successful when, in addition, all caller telephone numbers match the telephone number of the mobile terminal stored in advance and the called telephone number in each calling procedure matches, in every case, the authentication telephone number notified immediately before that calling procedure.
According to the present invention, a telephone number that the mobile terminal cannot predict can be notified to the mobile terminal, so authentication accuracy can be improved.
In the authentication method for authenticating a mobile terminal of the present invention, the time required from the point at which the authentication telephone number is notified from the authentication server to the mobile terminal in the telephone number notification procedure to the point at which the call is made from the mobile terminal in the calling procedure may be measured in the calling procedure, and in the determination procedure, authentication may be determined to be successful when, in addition, the required time is within a predetermined time.
According to the present invention, impersonation by an unauthorized user can be made even more difficult, even when a legitimate user cooperates.
In the authentication method for authenticating a mobile terminal of the present invention, when the authentication telephone number is notified from the authentication server to the mobile terminal in the telephone number notification procedure, a command specifying the timing at which the mobile terminal is to place the call may additionally be transmitted from the authentication server to the mobile terminal; in the calling procedure, the mobile terminal places the call at the timing specified by the command; and in the determination procedure, authentication is determined to be successful when, in addition, the timing of the call from the mobile terminal matches the command.
According to the present invention, impersonation by an unauthorized user can be made even more difficult, even when a legitimate user cooperates.
In the authentication method for authenticating a mobile terminal of the present invention, when the authentication telephone number is notified from the authentication server to the mobile terminal in the telephone number notification procedure, a command to read out information unique to the mobile terminal may additionally be transmitted from the authentication server to the mobile terminal; in the calling procedure, when the mobile terminal places the call, the information specified by the command is read out from the mobile terminal and transmitted to the authentication server; and in the determination procedure, authentication is determined to be successful when, in addition, the information received from the mobile terminal matches the information unique to the mobile terminal stored in advance.
According to the present invention, it is possible to confirm whether the mobile terminal that called the authentication server is the mobile terminal stored in advance in the authentication server. This makes impersonation by an unauthorized user even more difficult.
In the authentication method for authenticating a mobile terminal of the present invention, when the authentication telephone number is notified from the authentication server to the mobile terminal in the telephone number notification procedure, the authentication telephone number may be encrypted using information unique to the mobile terminal and then notified; and in the calling procedure, the encrypted authentication telephone number is decrypted using the information unique to the mobile terminal, and a call is placed to the decrypted authentication telephone number through a telephone line.
According to the present invention, it is possible to confirm whether the mobile terminal that called the authentication server is the mobile terminal stored in advance in the authentication server. This makes impersonation by an unauthorized user even more difficult.
Specifically, the authentication server of the present invention comprises: a basic authentication information determination unit that determines whether basic authentication information stored in advance and including information identifying a mobile terminal matches basic authentication information transmitted from the mobile terminal; a telephone number notification unit that notifies the mobile terminal of an authentication telephone number when the basic authentication information determination unit determines that they match; and a telephone number authentication unit that, when a call arrives from the mobile terminal, determines that authentication is successful if the called telephone number matches the authentication telephone number notified by the telephone number notification unit and the caller telephone number is included in the basic authentication information stored in advance.
Because the authentication server of the present invention includes the basic authentication information determination unit, it can prevent anyone other than a registered legitimate user from obtaining the authentication telephone number. As a result, even if the mobile terminal is stolen, impersonation by someone other than the user of the mobile terminal can be prevented. Furthermore, because the authentication server includes the telephone number notification unit and the telephone number authentication unit, authentication can be performed using two pieces of information: the telephone number of the mobile terminal and the telephone number notified by the authentication server. As a result, impersonation by an unauthorized user can be prevented even when a legitimate user cooperates.
In the authentication server of the present invention, the telephone number notification unit may notify the mobile terminal of the authentication telephone number a plurality of times, with differing time intervals between the points at which the authentication telephone number is notified to the mobile terminal; and the telephone number authentication unit may measure the time intervals between the points at which calls arrive from the mobile terminal and determine that authentication is successful when, in addition to the called telephone number matching the authentication telephone number notified to the mobile terminal and the caller telephone number being included in the basic authentication information, the time intervals at which the authentication telephone number was notified to the mobile terminal match the time intervals between the points at which calls arrived from the mobile terminal.
According to the present invention, impersonation by an unauthorized user can be made even more difficult, even when a legitimate user cooperates.
In the authentication server of the present invention, the telephone number notification unit may notify the mobile terminal of the authentication telephone number a plurality of times, notifying a different authentication telephone number each time; and the telephone number authentication unit may determine that authentication is successful when all caller telephone numbers match the telephone number of the mobile terminal stored in advance and each called telephone number matches, in every case, the authentication telephone number notified to the mobile terminal immediately before the incoming call.
According to the present invention, a telephone number that the mobile terminal cannot predict can be notified to the mobile terminal, so authentication accuracy can be improved.
In the authentication server of the present invention, the telephone number authentication unit may measure the time required from the point at which the telephone number notification unit notified the mobile terminal of the authentication telephone number to the point at which the call arrived from the mobile terminal, and determine that authentication is successful when the required time is within a predetermined time.
According to the present invention, impersonation by an unauthorized user can be made even more difficult, even when a legitimate user cooperates.
In the authentication server of the present invention, when notifying the mobile terminal of the authentication telephone number, the telephone number notification unit may additionally transmit a command specifying the timing at which the mobile terminal is to place a call to the notified authentication telephone number, and the telephone number authentication unit may determine that authentication is successful when the timing of the incoming call from the mobile terminal matches the command.
According to the present invention, impersonation by an unauthorized user can be made even more difficult, even when a legitimate user cooperates.
In the authentication server of the present invention, when notifying the mobile terminal of the authentication telephone number, the telephone number notification unit may additionally transmit a command to read out information unique to the mobile terminal, and the telephone number authentication unit may determine that authentication is successful when the information received from the mobile terminal is included in the basic authentication information.
According to the present invention, it is possible to confirm whether the mobile terminal that called the authentication server is the mobile terminal stored in advance in the authentication server. This makes impersonation by an unauthorized user even more difficult.
In the authentication server of the present invention, when the authentication server notifies the mobile terminal of the authentication telephone number, the telephone number notification unit may additionally encrypt the authentication telephone number using secret information included in the basic authentication information and then notify it.
According to the present invention, only a mobile terminal stored in advance in the authentication server can obtain the telephone number and place the call, so impersonation by an unauthorized user can be made even more difficult.
The above inventions can be combined wherever possible.
According to the present invention, even when a legitimate user forwards to an unauthorized user, impersonation by a terminal other than that of the registered legitimate user can be prevented.
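The determination procedure with several of the optional checks above combined (registered caller number, per-round authentication number, time limit per call, matching intervals), as an added example that is not part of the patent text. The class and function names, the 5-second limit, the 0.5-second tolerance for treating two intervals as matching, and the sample telephone numbers are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

_rng = secrets.SystemRandom()  # unpredictable choice of numbers and delays


@dataclass
class Round:
    notified_number: str      # server-side authentication number sent to the terminal
    notified_at: float        # when the server sent it (seconds)
    caller_number: str = ""   # caller number presented on the incoming call
    called_number: str = ""   # server number the call arrived on
    received_at: float = 0.0  # when the call arrived (seconds)


def digits(number):
    """Compare telephone numbers on digits only, ignoring spaces and hyphens."""
    return "".join(ch for ch in number if ch.isdigit())


def plan_rounds(free_numbers, count, start=0.0, min_gap=2.0, max_gap=10.0):
    """Pick a different free number for each round and a random gap between notifications."""
    numbers = _rng.sample(list(free_numbers), count)  # distinct by construction
    rounds, t = [], start
    for number in numbers:
        rounds.append(Round(notified_number=number, notified_at=t))
        t += _rng.uniform(min_gap, max_gap)
    return rounds


def judge(registered_number, rounds, max_delay=5.0, tolerance=0.5):
    """Return (ok, reason). Every check must pass in every round."""
    if not rounds or not digits(registered_number):
        return False, "no call rounds or no registered number"
    if len({digits(r.notified_number) for r in rounds}) != len(rounds):
        return False, "authentication number reused across rounds"
    for i, r in enumerate(rounds, 1):
        # Caller number must be the number stored in advance for this terminal.
        if digits(r.caller_number) != digits(registered_number):
            return False, f"round {i}: caller is not the registered terminal"
        # Called number must be the number notified immediately before this call.
        if digits(r.called_number) != digits(r.notified_number):
            return False, f"round {i}: call arrived on a number other than the one notified"
        # Time from notification to incoming call must be within the limit.
        delay = r.received_at - r.notified_at
        if not 0 <= delay <= max_delay:
            return False, f"round {i}: call outside the allowed time"
    for i in range(1, len(rounds)):
        # Interval between notifications must match the interval between calls.
        notify_gap = rounds[i].notified_at - rounds[i - 1].notified_at
        call_gap = rounds[i].received_at - rounds[i - 1].received_at
        if abs(notify_gap - call_gap) > tolerance:
            return False, f"rounds {i}-{i + 1}: call interval does not match notification interval"
    return True, "authentication successful"


# Constructed sample data: three rounds with notification gaps of 4 s and 7 s.
REGISTERED = "090-0000-0001"


def sample_rounds():
    return [
        Round("03-0000-0011", 0.0, "09000000001", "0300000011", 1.2),
        Round("03-0000-0012", 4.0, "09000000001", "0300000012", 5.3),
        Round("03-0000-0013", 11.0, "09000000001", "0300000013", 12.1),
    ]


if __name__ == "__main__":
    print(judge(REGISTERED, sample_rounds()))
    relayed = sample_rounds()
    relayed[1].caller_number = "090-0000-0002"  # call placed from another terminal
    print(judge(REGISTERED, relayed))
```
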
An example of a system configuration for executing the authentication method for authenticating a mobile terminal according to the present embodiment is shown.
An example of a pickup diagram of the content storage function unit 23, the user information storage function unit 24, the authentication processing function unit 25, and the content transmission unit 26 is shown.
An example of the notification timing of the authentication server and the incoming call timing from the mobile terminal in Embodiment 3 is shown.
Embodiments of the present invention will be described with reference to the accompanying drawings. The embodiments described below are examples of implementing the present invention, and the present invention is not limited to the following embodiments. In this specification and the drawings, components with the same reference numerals denote the same components.
(Embodiment 1)
FIG. 1 shows an example of a system configuration for executing the authentication method for authenticating a mobile terminal according to the present embodiment. The system configuration according to the present embodiment includes a mobile terminal 1 and an authentication server 2. The conventional authentication method that uses a mobile phone's individual identification number has the drawback that it cannot be used when the mobile terminal 1 is a smartphone, but the present embodiment can be used even when the mobile terminal 1 is a smartphone.
The mobile terminal 1 includes a browser function unit 11 and a telephone call function unit 12. The authentication server 2 includes a Web page publishing unit 21, a telephone incoming call function unit 22, a content storage function unit 23, a user information storage function unit 24, an authentication processing function unit 25, and a content transmission unit 26.
FIG. 2 shows an example of a pickup diagram of the content storage function unit 23, the user information storage function unit 24, the authentication processing function unit 25, and the content transmission unit 26. The user information storage function unit 24 includes a basic authentication information determination unit 31 and a user information database 32. The authentication processing function unit 25 includes a telephone number notification unit 33 and a telephone number authentication unit 34.
The authentication method for authenticating a mobile terminal according to the present embodiment includes, in order, a basic authentication information transmission procedure, a telephone number notification procedure, a calling procedure, and a determination procedure. Each procedure is described in detail below.
In the basic authentication information transmission procedure, a user who requests content accesses the authentication server 2 using the browser function unit 11 of the mobile terminal 1 (step S1). The authentication server 2 requests basic authentication information from the mobile terminal 1 (step S2). Here, the basic authentication information is arbitrary information for authenticating the authorized user, for example, an ID and a password. The basic authentication information may include information unique to the mobile terminal 1, such as the telephone number of the mobile terminal 1 or the ID number of its SIM (Subscriber Identity Module) card. In response to the request, the user of the mobile terminal 1 enters the basic authentication information into the mobile terminal 1, which transmits it to the authentication server 2 (step S3).
In the telephone number notification procedure, the basic authentication information determination unit 31 of the authentication server 2 refers to the user information database 32, determines whether the basic authentication information is stored in advance in the user information database 32, and thereby judges whether the transmitted basic authentication information is that of an authorized user (step S4). It then sends the authentication result for the basic authentication information to the telephone number notification unit 33 of the authentication processing function unit 25 (step S5). If the basic authentication information is that of an authorized user, the telephone number notification unit 33 obtains a telephone number that is not in use from the telephone incoming call function unit 22 and notifies the mobile terminal 1 of that free telephone number as the server-side authentication telephone number (step S6).
Here, the telephone incoming call function unit 22 of the authentication server 2 preferably has a plurality of server-side authentication telephone numbers TN_1 to TN_N. In this case, the telephone number notification unit 33 notifies the mobile terminal 1 of an arbitrary server-side authentication telephone number TN_2 among the plurality of server-side authentication telephone numbers TN_1 to TN_N. Because the authentication server 2 has a plurality of telephone incoming call functions, it can notify a different server-side authentication telephone number for each authentication request from the mobile terminal 1. The mobile terminal 1 learns the server-side authentication telephone number in the course of its communication with the authentication server 2, but because this embodiment provides a plurality of server-side authentication telephone numbers, it becomes difficult for an unauthorized user to guess the server-side authentication telephone number.
Further, in the telephone number notification procedure, the notified server-side authentication telephone number is kept set to reject incoming calls from the time the mobile terminal 1 is notified of the server-side authentication telephone number until a call arrives from the mobile terminal 1. Server-side authentication telephone numbers become widely known as the number of authentication requests grows. In that state, if someone uses a method such as one-ring calls (wangiri) to keep a server-side authentication telephone number permanently busy, authorized users can no longer be authenticated. To prevent this, it is preferable that the telephone incoming call function unit 22 keeps the server-side authentication telephone number set to reject incoming calls until the server has notified the server-side authentication telephone number and a call from the user is expected.
In the calling procedure, the browser function unit 11 transfers the received server-side authentication telephone number to the telephone call function unit 12 (step S7). The telephone call function unit 12 places a call to the transferred server-side authentication telephone number (step S8).
In the determination procedure, when a call arrives at the server-side authentication telephone number TN_2 that was sent to the user's mobile terminal 1, the telephone incoming call function unit 22 transfers the caller number to the authentication processing function unit 25 (step S9). The telephone number authentication unit 34 determines whether the callee telephone number matches the server-side authentication telephone number TN_2 notified by the telephone number notification unit 33. The telephone number authentication unit 34 further determines whether the caller telephone number is included in the basic authentication information. When the callee telephone number and the server-side authentication telephone number notified by the telephone number notification unit 33 match at TN_2, and the caller telephone number is stored in the user information database 32 as the telephone number of the mobile terminal 1, the telephone number authentication unit 34 determines that authentication succeeds (step S10).
The authentication procedure of the present embodiment is a multi-factor authentication method that uses three types of elements: the user's ID and password, the server-side authentication telephone number, and the telephone number of the user's mobile terminal. As a result, the authentication method and authentication server for authenticating the mobile terminal according to the present embodiment can prevent impersonation by a terminal other than that of the registered authorized user, even when the authorized user cooperates.
In this embodiment, in the telephone number notification procedure, when the telephone number notification unit 33 notifies the mobile terminal 1 of the server-side authentication telephone number, it may additionally transmit a command that causes the terminal to read out information unique to the mobile terminal, such as the SIM card ID number, from among the information included in the basic authentication information. In this case, in the calling procedure, the mobile terminal 1 reads the information specified by the command from itself and transmits it to the authentication server 2. In the determination procedure, the telephone number authentication unit 34 determines that authentication succeeds when the information received from the mobile terminal 1 is included in the basic authentication information stored in the user information database 32. Authentication can thus use four types of elements: the three described above plus information unique to the mobile terminal 1. This makes impersonation by a terminal other than that of the registered authorized user still more difficult.
When the authentication server 2 notifies the mobile terminal 1 of the server-side authentication telephone number, the telephone number notification unit 33 may also encrypt the server-side authentication telephone number using secret information included in the basic authentication information and notify the encrypted number. The secret information may be information unique to the mobile terminal 1, such as the SIM card ID number, or the authentication server 2 may notify the mobile terminal 1 of it in advance. The secret information is preferably changed for every authentication. Each time the secret information is changed, it is stored so that it is included in the basic authentication information in the user information database 32.
In this case, the mobile terminal 1 decrypts the encrypted server-side authentication telephone number using the predetermined secret information stored in the terminal and places a call to the decrypted server-side authentication telephone number. Authentication can thus use four types of elements: the three described above plus information unique to the mobile terminal 1. This makes impersonation by a terminal other than that of the registered authorized user still more difficult.
Note that the authentication server 2 according to the present embodiment may be a program that causes a computer to execute, in order, the basic authentication information transmission procedure, the telephone number notification procedure, the calling procedure, and the determination procedure. Although this embodiment is an example of a multi-factor authentication method that uses three types of elements, only two types may be used: the user's basic authentication information and the server-side authentication telephone number.
(Embodiment 2)
The authentication method and authentication server for authenticating the mobile terminal according to the present embodiment differ from the authentication method described in Embodiment 1 in the calling procedure and the determination procedure. The differences from Embodiment 1 are described below.
In this embodiment, in the telephone number notification procedure, the telephone number notification unit 33 stores in the user information database 32 the time at which it notified the mobile terminal 1 of the server-side authentication telephone number. In the determination procedure, the telephone number authentication unit 34 measures the time required from when the telephone number notification unit 33 notifies the mobile terminal 1 of the server-side authentication telephone number until the mobile terminal 1 places a call to the notified server-side authentication telephone number, and determines that authentication succeeds when the required time is within a predetermined time. The time until the mobile terminal 1 places a call to the notified server-side authentication telephone number may be the time until the telephone incoming call function unit 22 receives the call. In this way, the authentication method and authentication server according to the present embodiment set a limit on the time from notifying the mobile terminal 1 of the server-side authentication telephone number until a call arrives from the mobile terminal 1, and do not authenticate if the limit is exceeded.
Here, the predetermined time is a time equal to or longer than the shortest time, measured in advance using the authorized user's mobile terminal 1, required from when the browser function unit 11 of the mobile terminal 1 receives the server-side authentication telephone number until the telephone call function unit 12 automatically places the call. The predetermined time may be the time required from when the browser function unit 11 of the mobile terminal 1 receives the server-side authentication telephone number until the authentication server 2 receives the call, and may be, for example, several seconds.
Both the process in which the authentication server 2 notifies the server-side authentication telephone number and the process in which the mobile terminal 1 places a call to that number can be performed automatically. The time from when the authentication server 2 notifies its server-side authentication telephone number until the user's mobile terminal 1 places the call is therefore confined to a certain range. If that range is exceeded, the call may have been placed by some unauthorized means, and authentication can be refused.
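The determination of steps S4 to S10 in Embodiment 1, combined with the Embodiment 2 time limit, as an added example (not code from the patent). The class and function names, the five-second limit, the PBKDF2 password storage and every telephone number are constructed for illustration; the caller number delivered by the telephone network is taken at face value, as the text assumes.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (not from the patent).
DEMO_POOL = ["+81-3-0000-0101", "+81-3-0000-0102", "+81-3-0000-0103"]
ALICE_PHONE = "+81-90-0000-0001"


def hash_password(password: str, salt: bytes) -> bytes:
    """Assumed storage format for the password part of the basic authentication information."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthServer:
    """Toy model of authentication server 2 (steps S4-S6 and S9-S10)."""

    def __init__(self, users, number_pool, max_delay_s=5.0):
        self.users = users              # user_id -> {"salt", "pw_hash", "phone"}
        self.free = set(number_pool)    # no call expected: calls to these are rejected
        self.pending = {}               # notified number -> (user_id, notified_at)
        self.max_delay_s = max_delay_s  # Embodiment 2 limit ("several seconds")

    def release(self, number):
        del self.pending[number]
        self.free.add(number)

    def request_number(self, user_id, password, now):
        """S4-S6: check basic authentication info, then notify a free number."""
        user = self.users.get(user_id)
        if user is None:
            return None
        if not hmac.compare_digest(hash_password(password, user["salt"]),
                                   user["pw_hash"]):
            return None
        # Reclaim numbers whose time limit passed without a call.
        for number, (_, notified_at) in list(self.pending.items()):
            if now - notified_at > self.max_delay_s:
                self.release(number)
        if not self.free:
            return None
        number = secrets.choice(sorted(self.free))  # hard to guess in advance
        self.free.remove(number)
        self.pending[number] = (user_id, now)       # store the notification time
        return number

    def incoming_call(self, caller, callee, now):
        """S9-S10: callee must be the notified number, caller the registered
        phone, and the call must arrive within the time limit."""
        entry = self.pending.get(callee)
        if entry is None:
            return "not-expected"       # number is in reject state
        user_id, notified_at = entry
        if now - notified_at > self.max_delay_s:
            self.release(callee)
            return "too-late"
        if caller != self.users[user_id]["phone"]:
            return "wrong-caller"       # session stays open for the real terminal
        self.release(callee)            # one successful call per notification
        return "ok"


def make_demo_server():
    salt = b"constructed-salt"
    users = {"alice": {"salt": salt,
                       "pw_hash": hash_password("correct horse", salt),
                       "phone": ALICE_PHONE}}
    return AuthServer(users, DEMO_POOL)


if __name__ == "__main__":
    srv = make_demo_server()
    n = srv.request_number("alice", "correct horse", now=100.0)
    print(n, srv.incoming_call(ALICE_PHONE, n, now=102.0))
```

Because a number accepts a call only while a notification for it is outstanding, a one-ring call to a pool number with no pending notification never reaches the matching logic.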
Note that the authentication server 2 according to the present embodiment may be a program that causes a computer to execute, in order, the basic authentication information transmission procedure, the telephone number notification procedure, the calling procedure, and the determination procedure.
(Embodiment 3)
The authentication method and authentication server for authenticating the mobile terminal according to the present embodiment are characterized in that, in the authentication method and authentication server described in Embodiments 1 and 2, a call procedure consisting of the telephone number notification procedure and the calling procedure is performed repeatedly. The differences from Embodiment 1 are described below with reference to FIG. 3.
In the telephone number notification procedure, the telephone number notification unit 33 preferably notifies the mobile terminal 1 of a server-side authentication telephone number a plurality of times, and notifies a different server-side authentication telephone number each time. This prevents impersonation that relies on obtaining the server-side authentication telephone number in advance.
For example, the telephone number notification unit 33 performs notification S1 in the telephone number notification procedure, and the telephone incoming call function unit 22 receives incoming call R1 from the mobile terminal 1 in the calling procedure. Next, the telephone number notification unit 33 performs notification S2 in the telephone number notification procedure, and the telephone incoming call function unit 22 receives incoming call R2 from the mobile terminal 1 in the calling procedure. Next, the telephone number notification unit 33 performs notification S3 in the telephone number notification procedure, and the telephone incoming call function unit 22 receives incoming call R3 from the mobile terminal 1 in the calling procedure. In this way, the present embodiment repeats the call procedure consisting of the telephone number notification procedure and the calling procedure. The determination procedure is performed after that.
Furthermore, in this embodiment, the time interval between the points at which the telephone number notification unit 33 notifies the mobile terminal 1 of the server-side authentication telephone number preferably differs for each telephone number notification procedure. For example, the time interval between notification N1 and notification N2 differs from the time interval between notification N2 and notification N3.
In this case, in the determination procedure, the telephone number authentication unit 34 measures the time intervals between the arrival times of the calls from the mobile terminal 1. For example, it measures the time interval from incoming call R1 to incoming call R2 and the time interval from incoming call R2 to incoming call R3. Then, in addition to the determination described in Embodiment 1 or Embodiment 2, it determines that authentication succeeds when the time intervals at which the server-side authentication telephone number was notified to the mobile terminal 1 match the time intervals between the arrival times of the calls from the mobile terminal 1. For example, it determines whether the time interval between notification N1 and notification N2 matches the time interval from incoming call R1 to incoming call R2, and whether the time interval between notification N2 and notification N3 matches the time interval from incoming call R2 to incoming call R3.
A delay is inserted between consecutive processes, and an overall authentication decision is made from the results of the multiple authentications. The delay between processes is preferably set at random. Along with the multiple authentications, the scheme described in Embodiment 2, which sets a limit on the time from notifying the user of the server-side authentication telephone number until a call arrives from the user's mobile terminal 1 and does not authenticate if the limit is exceeded, may be used in combination to improve authentication accuracy.
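The interval comparison of Embodiment 3, as an added example (not code from the patent). The function names, the matching tolerance, the rule that planned gaps differ by more than twice that tolerance, and all telephone numbers are assumptions made for illustration; the text itself only says the intervals "match".

```python
import random

# Constructed sample data (not from the patent).
SAMPLE_POOL = ["+81-3-0000-0201", "+81-3-0000-0202",
               "+81-3-0000-0203", "+81-3-0000-0204"]
SAMPLE_PHONE = "+81-90-0000-0001"


def plan_notifications(numbers, rounds, start, rng,
                       tolerance_s=0.3, min_gap=1.0, max_gap=6.0):
    """Choose a different number for every round and a random delay between
    notifications. Gaps are kept more than 2*tolerance apart so that one
    gap cannot pass for another when arrival intervals are compared."""
    chosen = rng.sample(numbers, rounds)        # distinct numbers per round
    gaps, attempts = [], 0
    while len(gaps) < rounds - 1:
        attempts += 1
        if attempts > 10_000:
            raise ValueError("gap range too narrow for this many rounds")
        gap = rng.uniform(min_gap, max_gap)
        if all(abs(gap - g) > 2 * tolerance_s for g in gaps):
            gaps.append(gap)
    times = [start]
    for gap in gaps:
        times.append(times[-1] + gap)
    return list(zip(times, chosen))             # [(notify_time, number), ...]


def verify_rounds(plan, calls, registered_phone, tolerance_s=0.3):
    """plan:  [(notify_time, number)] in the order notified.
    calls: [(arrival_time, caller, callee)] in the order received.
    Succeeds only if every call came from the registered phone to the number
    notified just before it, and every interval between arrivals matches the
    corresponding interval between notifications within the tolerance."""
    if len(calls) != len(plan) or not plan:
        return False
    for (_, number), (_, caller, callee) in zip(plan, calls):
        if caller != registered_phone or callee != number:
            return False
    for i in range(1, len(plan)):
        notify_gap = plan[i][0] - plan[i - 1][0]
        arrival_gap = calls[i][0] - calls[i - 1][0]
        if abs(notify_gap - arrival_gap) > tolerance_s:
            return False
    return True


if __name__ == "__main__":
    rng = random.SystemRandom()                 # unpredictable delays
    plan = plan_notifications(SAMPLE_POOL, 3, 0.0, rng)
    # A terminal that dials as soon as each notification arrives.
    calls = [(t + 1.2, SAMPLE_PHONE, n) for t, n in plan]
    print(verify_rounds(plan, calls, SAMPLE_PHONE))
```

A constant network delay cancels out when intervals are compared, so only the jitter between rounds has to fit inside the tolerance.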
Furthermore, in this embodiment, in the telephone number notification procedure, when the telephone number notification unit 33 notifies the mobile terminal 1 of the server-side authentication telephone number, it may also transmit a command that specifies the timing at which the mobile terminal 1 is to place the call to the notified server-side authentication telephone number. The timing may be specified, for example, as a time of day or as an elapsed time from reception. In this case, in the calling procedure, the mobile terminal 1 places the call to the notified server-side authentication telephone number at the timing specified by the command. In the determination procedure, in addition to the determination described in Embodiment 1 or Embodiment 2, the telephone number authentication unit 34 determines that authentication succeeds when the timing of the incoming call from the mobile terminal 1 matches the command.
Note that the authentication server 2 according to the present embodiment may be a program that causes a computer to execute, in order, the basic authentication information transmission procedure, the call procedure, and the determination procedure.
The present invention can be applied to the information and communication industry.
1: Mobile terminal
2: Authentication server
11: Browser function unit
12: Telephone call function unit
21: Web page publishing unit
22: Telephone incoming call function unit
23: Content storage function unit
24: User information storage function unit
25: Authentication processing function unit
26: Content transmission unit
31: Authentication information determination unit
32: User information database
33: Telephone number notification unit
34: Telephone number authentication unit

Claims (14)

  1.  携帯端末から認証サーバへ、当該携帯端末を識別する情報を含む基本認証情報を送信する基本認証情報送信手順と、
     前記認証サーバの受信した当該基本認証情報と前記認証サーバに予め記憶されている前記携帯端末の基本認証情報とが一致するか否かを判定し、一致する場合には前記認証サーバから前記携帯端末へ認証用電話番号を通知する電話番号通知手順と、
     携帯端末から前記認証用電話番号へ、電話回線を通じて発呼する発信手順と、
     前記発信手順における発信者電話番号と前記認証サーバに予め記憶されている前記携帯端末の電話番号とが一致し、かつ、前記発信手順における着信者電話番号と前記電話番号通知手順で通知した認証用電話番号とが一致する場合に認証成功と判定する判定手順と、
     を順に有する携帯端末を認証する認証方法。
    Basic authentication information transmission procedure for transmitting basic authentication information including information for identifying the mobile terminal from the mobile terminal to the authentication server;
    It is determined whether or not the basic authentication information received by the authentication server matches the basic authentication information of the mobile terminal stored in advance in the authentication server. If they match, from the authentication server to the mobile terminal A phone number notification procedure for notifying the phone number for authentication,
    A calling procedure for calling from the portable terminal to the authentication telephone number through a telephone line;
    The caller telephone number in the outgoing call procedure matches the telephone number of the portable terminal stored in advance in the authentication server, and the caller telephone number in the outgoing call procedure and the authentication notification notified in the telephone number notification procedure A determination procedure for determining successful authentication when the telephone number matches,
    An authentication method for authenticating a mobile terminal that has in order.
  2.  前記電話番号通知手順及び前記発信手順からなる通話手順を繰り返し行い、
     前記電話番号通知手順において、認証用電話番号を前記認証サーバから前記携帯端末へ通知する時点の時間間隔は、前記電話番号通知手順の度ごとに異なり、
     前記発信手順において、前記携帯端末から発呼のあった時点の時間間隔を測定し、
     前記判定手順において、さらに、前記電話番号通知手順における前記認証サーバから前記携帯端末へ認証用電話番号を通知する時間間隔と前記発信手順における前記携帯端末から発呼のあった時点の時間間隔とが一致している場合に、認証成功と判定する
     ことを特徴とする請求項1に記載の携帯端末を認証する認証方法。
    Repeat the call procedure consisting of the phone number notification procedure and the calling procedure,
    In the telephone number notification procedure, the time interval at which the authentication telephone number is notified from the authentication server to the mobile terminal is different for each telephone number notification procedure.
    In the calling procedure, measure a time interval at the time when a call is made from the mobile terminal,
    In the determination procedure, a time interval for notifying the mobile terminal of an authentication telephone number from the authentication server in the telephone number notification procedure and a time interval at the time when a call is made from the mobile terminal in the calling procedure The authentication method for authenticating a portable terminal according to claim 1, wherein authentication is determined to be successful if the two match.
  3.  前記電話番号通知手順及び前記発信手順からなる通話手順を繰り返し行い、
     前記電話番号通知手順において、前記認証サーバから前記携帯端末へ通知する認証用電話番号は、前記電話番号通知手順の度ごとに異なり、
     前記判定手順において、さらに、全ての発信者電話番号と予め記憶されている前記携帯端末の電話番号とが一致し、かつ、各前記発信手順における着信者電話番号と各前記発信手順の直前に通知された認証用電話番号とが全て一致する場合に、認証成功と判定する
     ことを特徴とする請求項1又は2に記載の携帯端末を認証する認証方法。
    Repeat the call procedure consisting of the phone number notification procedure and the calling procedure,
    In the telephone number notification procedure, the authentication telephone number to be notified from the authentication server to the mobile terminal is different for each telephone number notification procedure.
    In the determination procedure, all the caller telephone numbers and the mobile terminal phone numbers stored in advance coincide with each other, and the callee telephone number in each call procedure is notified immediately before each call procedure. The authentication method for authenticating a mobile terminal according to claim 1, wherein authentication is determined to be successful when all of the authenticated telephone numbers match.
  4.  前記発信手順において、前記電話番号通知手順における認証用電話番号を前記認証サーバから前記携帯端末へ通知する時点から、前記発信手順における前記携帯端末から発呼のあった時点までの所要時間を測定し、
     前記判定手順において、さらに、前記所要時間が予め定められた時間内である場合に、認証成功と判定する
     ことを特徴とする請求項1から3のいずれかに記載の携帯端末を認証する認証方法。
    In the calling procedure, the time required from when the authentication server number is notified from the authentication server to the portable terminal in the calling number notification procedure to when the call is made from the portable terminal in the calling procedure is measured. ,
    The authentication method for authenticating a mobile terminal according to any one of claims 1 to 3, wherein, in the determination procedure, the authentication is further determined to be successful when the required time is within a predetermined time. .
  5.  前記電話番号通知手順において、認証用電話番号を前記認証サーバから前記携帯端末へ通知する際に、さらに、前記携帯端末の発呼するタイミングを指定する命令を前記認証サーバから前記携帯端末へ送信し、
     前記発信手順において、前記命令のあったタイミングに前記携帯端末から発呼し、
     前記判定手順において、さらに、前記携帯端末からの発呼のタイミングが命令と一致している場合に、認証成功と判定する
     ことを特徴とする請求項1から3のいずれかに記載の携帯端末を認証する認証方法。
    In the telephone number notification procedure, when the authentication telephone number is notified from the authentication server to the mobile terminal, a command for designating a timing for calling the mobile terminal is further transmitted from the authentication server to the mobile terminal. ,
    In the calling procedure, a call is made from the mobile terminal at the timing when the command is issued,
    The portable terminal according to any one of claims 1 to 3, wherein, in the determination procedure, the authentication is determined to be successful when the timing of a call from the portable terminal coincides with the command. Authentication method to authenticate.
  6.  前記電話番号通知手順において、認証用電話番号を前記認証サーバから前記携帯端末へ通知する際に、さらに、前記携帯端末固有の情報を読み出させる命令を前記認証サーバから前記携帯端末へ送信し、
     前記発信手順において、前記携帯端末の発呼する際に、前記命令のあった情報を前記携帯端末から読み出して前記認証サーバへ送信し、
     前記判定手順において、さらに、前記携帯端末から受信した情報と予め記憶されている前記携帯端末固有の情報とが一致する場合に、認証成功と判定する
     ことを特徴とする請求項1から5のいずれかに記載の携帯端末を認証する認証方法。
    In the telephone number notification procedure, when notifying the authentication phone number from the authentication server to the mobile terminal, further, a command for reading information unique to the mobile terminal is transmitted from the authentication server to the mobile terminal,
    In the calling procedure, when the mobile terminal makes a call, the information with the command is read from the mobile terminal and transmitted to the authentication server,
    6. The authentication procedure according to claim 1, further comprising: determining that the authentication is successful when the information received from the mobile terminal matches the information stored in the mobile terminal that is stored in advance. An authentication method for authenticating the mobile terminal according to claim 1.
  7.  前記電話番号通知手順において、認証用電話番号を前記認証サーバから前記携帯端末へ通知する際に、前記携帯端末固有の情報を用いて当該認証用電話番号を暗号化して通知し、
     前記発信手順において、暗号化された認証用電話番号を、前記携帯端末固有の情報を用いて復号化し、復号化した認証用電話番号へ電話回線を通じて発呼する
     ことを特徴とする請求項1から6のいずれかに記載の携帯端末を認証する認証方法。
    In the telephone number notification procedure, when notifying the authentication phone number from the authentication server to the mobile terminal, the authentication phone number is encrypted and notified using information unique to the mobile terminal,
    2. In the calling procedure, the encrypted authentication telephone number is decrypted using information unique to the mobile terminal, and a call is made to the decrypted authentication telephone number through a telephone line. An authentication method for authenticating the mobile terminal according to any one of claims 6 to 7.
  8.  予め記憶されかつ携帯端末を識別する情報を含む基本認証情報が、前記携帯端末から送信された基本認証情報と一致するか否かを判定する基本認証情報判定部と、
     前記基本認証情報判定部が一致すると判定すると、認証用電話番号を前記携帯端末に通知する電話番号通知部と、
     前記携帯端末から電話がかかってきたときに、着信者電話番号と前記電話番号通知部の通知した認証用電話番号とが一致し、かつ、発信者電話番号が予め記憶されている前記基本認証情報に含まれる場合に、認証成功と判定する電話番号認証部と、
     を備える認証サーバ。
    A basic authentication information determination unit that determines whether basic authentication information that is stored in advance and includes information for identifying a mobile terminal matches the basic authentication information transmitted from the mobile terminal;
    When it is determined that the basic authentication information determination unit matches, a telephone number notification unit that notifies the mobile terminal of an authentication telephone number;
    The basic authentication information in which when a call is received from the mobile terminal, the caller telephone number matches the authentication telephone number notified by the telephone number notification unit, and the caller telephone number is stored in advance A phone number authenticating unit that determines that the authentication is successful,
    An authentication server comprising:
  9.  The authentication server according to claim 8, wherein
     the telephone number notification unit notifies the mobile terminal of an authentication telephone number a plurality of times, with differing time intervals between the notifications, and
     the telephone number authentication unit measures the time intervals between the incoming calls from the mobile terminal and determines that authentication has succeeded if, in addition to the called party telephone number matching the authentication telephone number notified to the mobile terminal and the caller telephone number being included in the basic authentication information, the time intervals between the notifications of the authentication telephone number to the mobile terminal match the time intervals between the incoming calls from the mobile terminal.
  10.  The authentication server according to claim 8 or 9, wherein
     the telephone number notification unit notifies the mobile terminal of an authentication telephone number a plurality of times, notifying a different authentication telephone number each time, and
     the telephone number authentication unit determines that authentication has succeeded if every caller telephone number matches the telephone number of the mobile terminal stored in advance and every called party telephone number matches the authentication telephone number notified to the mobile terminal immediately before the incoming call.
  11.  The authentication server according to any one of claims 8 to 10, wherein
     the telephone number authentication unit measures the time required from the point at which the telephone number notification unit notified the mobile terminal of the authentication telephone number to the point at which an incoming call was received from the mobile terminal, and determines that authentication has succeeded if the required time is within a predetermined time.
  12.  The authentication server according to any one of claims 8 to 11, wherein
     the telephone number notification unit, when notifying the mobile terminal of an authentication telephone number, further transmits a command specifying the timing at which the mobile terminal is to place a call to the notified authentication telephone number, and
     the telephone number authentication unit determines that authentication has succeeded if the timing of the incoming call from the mobile terminal matches the command.
  13.  The authentication server according to any one of claims 8 to 12, wherein
     the telephone number notification unit, when notifying the mobile terminal of an authentication telephone number, further transmits a command that causes information unique to the mobile terminal to be read out, and
     the telephone number authentication unit determines that authentication has succeeded if the information received from the mobile terminal is included in the basic authentication information.
  14.  The authentication server according to any one of claims 8 to 13, wherein
     the telephone number notification unit, when the authentication server notifies the mobile terminal of an authentication telephone number, further encrypts the authentication telephone number using secret information included in the basic authentication information and notifies the mobile terminal of the encrypted number.
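The server-side decision described in claims 8 to 11, modeled as an added example that is not code from the patent or its applicant. The class and method names, the use of a password as the basic authentication information, the 30-second and 2-second limits, and the sample numbers in the test are all assumptions made for illustration.

```python
import hmac
import secrets

class AuthServer:
    def __init__(self, registered, pool, max_delay=30.0, tolerance=2.0):
        self.registered = registered   # terminal_id -> (password, terminal phone number)
        self.pool = list(pool)         # numbers on which the server accepts calls
        self.max_delay = max_delay     # claim 11: seconds allowed from notification to call
        self.tolerance = tolerance     # claim 9: allowed interval mismatch in seconds
        self.sessions = {}             # terminal_id -> {"caller", "issued", "calls"}

    def basic_auth(self, terminal_id, password):
        """Claim 8: compare submitted basic authentication information with the stored copy."""
        rec = self.registered.get(terminal_id)
        if rec is None or not hmac.compare_digest(rec[0].encode(), password.encode()):
            return False
        self.sessions[terminal_id] = {"caller": rec[1], "issued": [], "calls": []}
        return True

    def notify(self, terminal_id, now):
        """Claims 8 and 10: issue a number not outstanding in any live session."""
        used = {n for s in self.sessions.values() for n, _ in s["issued"]}
        number = secrets.choice([n for n in self.pool if n not in used])
        self.sessions[terminal_id]["issued"].append((number, now))
        return number

    def incoming_call(self, caller, called, now):
        """Attach a call to the session whose most recently notified number was dialed."""
        for s in self.sessions.values():
            if s["issued"] and s["issued"][-1][0] == called:
                s["calls"].append((caller, now))
                return True
        return False                   # called number was never notified, or is stale

    def verify(self, terminal_id):
        """Claims 8 to 11: one matching call per round, right caller, right timing."""
        s = self.sessions.pop(terminal_id, None)   # a session yields a single verdict
        if s is None or not s["issued"] or len(s["calls"]) != len(s["issued"]):
            return False
        for (_, t_n), (caller, t_c) in zip(s["issued"], s["calls"]):
            if caller != s["caller"] or not 0 <= t_c - t_n <= self.max_delay:
                return False
        gaps_n = [b[1] - a[1] for a, b in zip(s["issued"], s["issued"][1:])]
        gaps_c = [b[1] - a[1] for a, b in zip(s["calls"], s["calls"][1:])]
        return all(abs(x - y) <= self.tolerance for x, y in zip(gaps_n, gaps_c))
```

Timestamps are passed in explicitly so the timing rules can be exercised deterministically; a deployment would take them from the notification channel and the telephone switch.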
PCT/JP2011/076943 2011-11-22 2011-11-22 Authentication method and authentication server for authenticating portable terminal WO2013076821A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2011/076943 WO2013076821A1 (en) 2011-11-22 2011-11-22 Authentication method and authentication server for authenticating portable terminal

Publications (1)

Publication Number Publication Date
WO2013076821A1 (en) 2013-05-30

Family

ID=48469300

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2011/076943 WO2013076821A1 (en) 2011-11-22 2011-11-22 Authentication method and authentication server for authenticating portable terminal

Country Status (1)

Country Link
WO (1) WO2013076821A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2015082140A (en) * 2013-10-21 2015-04-27 株式会社りーふねっと Onetime password issuing device, program, and onetime password issuing method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002335330A (en) * 2001-05-11 2002-11-22 Nippon Telegr & Teleph Corp <Ntt> Method and system for authenticating mobile phone, and program and program recording medium therefor
JP2003009243A (en) * 2001-06-22 2003-01-10 Sumitomo Heavy Ind Ltd Authenticating device and method, network system and computer program

Similar Documents

Publication Publication Date Title
EP3223549B1 (en) Wireless network access method and access apparatus, client and storage medium
US11399018B2 (en) Network device proximity-based authentication
JP6668407B2 (en) Terminal authentication method and apparatus used in mobile communication system
US9602504B2 (en) Strong Authentication by presentation of a number
CN105898743B (en) A kind of method for connecting network, apparatus and system
DK2924944T3 (en) Presence authentication
JP2012530311A5 (en)
WO2017054617A1 (en) Wifi network authentication method, device and system
TWI632798B (en) Server, mobile terminal, and network real-name authentication system and method
JP2012530311A (en) How to log into a mobile radio network
US20130305325A1 (en) Methods for Thwarting Man-In-The-Middle Authentication Hacking
JP2007025802A (en) Gate system and gate release method using radio communication terminal
KR20130048695A (en) An authentication system, authentication method and authentication server
EP3566160A1 (en) Method for authenticating a user and corresponding device, first and second servers and system
CN102984335A (en) Identity authentication method, equipment and system for making fixed-line call
WO2015113351A1 (en) Information processing method, terminal and server, and communication method and system
CN107172620B (en) Wireless local area network authentication method and device
EP2482575B1 (en) Authenticating and localizing a mobile user
JP5850270B2 (en) Mobile terminal authentication system and method
WO2013076821A1 (en) Authentication method and authentication server for authenticating portable terminal
KR20120089388A (en) Method for Requesting Caller Authentication of Voice Network using Data Network, Caller Device and Program
WO2015151251A1 (en) Network service providing device, network service providing method, and program
JP2009232108A (en) Communication device and computer program
WO2018103527A1 (en) Authentication method and authentication device
KR101607234B1 (en) System and method for user authentication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 11876056; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 11876056; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: JP)