CN101443776A - Authentication computer and program - Google Patents

Publication number: CN101443776A
Authority: CN (China)
Application number: CNA2007800169431A
Other languages: Chinese (zh)
Inventors: 平出心, 高桥正道
Current Assignee: Keytel Corp
Original Assignee: Keytel Corp
Legal status: Pending

Abstract

A personal authentication system with high security and user-friendliness is provided. An authentication computer stores user information. Upon receiving an authentication request from a client computer, the authentication computer allocates to the received authentication request a mail address that is among the mail addresses at which the authentication computer can receive mail and that is not allocated to any previously received authentication request. Upon receiving an e-mail and an authentication result request from a client computer, the authentication computer identifies the authentication request corresponding to the received authentication result request, identifies the source mail address of the e-mail addressed to the mail address allocated to the identified authentication request, refers to the user information, identifies the user corresponding to the identified source mail address, and transmits information corresponding to the identified user to the client computer that sent the received authentication result request.

Description

Authentication computer and program
Technical field
The present invention relates to an authentication system, an authentication computer, and a program.
Background art
Conventionally, when a service is provided to a specific user, the combination of a user ID and a password has been known as a means of personal authentication. For example, a person who logs in to a web site over the Internet enters a user ID and password on the web screen displayed on the personal computer being operated, and an authentication request is sent to the web server. Likewise, when a customer of a financial institution withdraws cash from the institution's ATM, the customer inserts a cash card into the ATM and then enters a password, and an authentication request is sent to a server; in this case the cash card serves as the user ID.
However, the user of a web site must enter the user ID and password on the site's screen. This authentication method is widespread and is used by internet-banking and various e-commerce web sites. As a result, the number of user IDs and passwords one person must manage keeps growing. A web-site user who forgets a user ID or password has to ask the site operator for it and cannot enjoy the convenience of the web site. In addition, people other than the user steal user IDs and passwords and then conduct transactions while impersonating the user, which has become a social problem. Phishing and spyware are known means of stealing user IDs and passwords. Phishing is the act of setting up a forged site that resembles a legitimate web site, having the user enter a user ID and password there, and stealing them. Spyware is software that is installed without the knowledge of the personal computer's user, reads the various user IDs and passwords the user enters, and reports them over the Internet to the eavesdropper's server. When an impersonated transaction goes through in internet banking or e-commerce, not only the user but also the web-site operator suffers serious harm in the form of lost trust and compensation claims.
When a customer of a financial institution withdraws cash at the institution's ATM, the customer must insert a cash card into the ATM and then enter a password. If the password is secretly filmed by a hidden camera and the cash card is stolen, the deposit can be withdrawn by someone impersonating the customer. Not only the depositor but also the bank suffers serious harm from lost trust and compensation claims.
Patent Document 1 discloses an authentication method in which the user of a web site, when being authenticated, enters a user ID and password on the web site and is then authenticated by placing a call to a specific telephone number.
Patent Document 2 discloses an authentication method in which the user of a web site, when being authenticated, enters a telephone number on the web site as the user ID and is then authenticated by placing a call to a specific telephone number.
[Patent Document 1] Japanese Patent Laid-Open No. 2002-229951
[Patent Document 2] Japanese Patent Laid-Open No. 2004-213440
Summary of the invention
Technical problem to be solved by the invention
Because the technique of Patent Document 1 uses the caller's telephone number, impersonation can be prevented even if the user ID and password are stolen. Because the technique of Patent Document 2 uses the caller's telephone number, impersonation can be prevented even if an impersonator enters the telephone number on the web site. However, with the techniques of Patent Documents 1 and 2, a user who cannot place a call with caller-number notification cannot be authenticated. For example, authentication is impossible where the mobile phone signal does not reach.
Moreover, the techniques of Patent Documents 1 and 2 cannot correctly establish the correspondence between the user who placed the call with caller-number notification and the computer that user is operating. They therefore cannot provide authentication that is both highly secure and highly convenient. For example, with the techniques of Patent Documents 1 and 2, a person who is not the user may be able to impersonate a legitimate user by repeatedly entering that legitimate user's user ID or the like. Specifically, if the legitimate user, after having been authenticated by calling the specific telephone number, mistakenly calls that number again, the person who is not the legitimate user is authenticated as the legitimate user.
The present invention has been made in view of the above problems, and its object is to provide a personal authentication system with high security and high convenience.
Means for solving the problem
An authentication computer that is connected to a plurality of client computers via a network and comprises a processor, a memory, and an interface, characterized in that the memory stores user information representing the correspondence between a user and that user's mail address, and in that the processor: on receiving an authentication request from a client computer, allocates to the received authentication request a mail address that is among the mail addresses at which the authentication computer can receive mail and that is not allocated to any previously received authentication request; receives an e-mail; on receiving an authentication result request from a client computer, identifies the authentication request corresponding to the received authentication result request; identifies the source mail address of the e-mail whose destination is the mail address allocated to the identified authentication request; refers to the user information to identify the user corresponding to the identified source mail address; and transmits information corresponding to the identified user to the client computer that is the source of the received authentication result request.
Effect of the invention
According to a representative embodiment of the present invention, the security and convenience of a personal authentication system can be improved.
Brief description of the drawings
[Fig. 1] Schematic configuration diagram of the personal authentication system of the 1st embodiment.
[Fig. 2] Block diagram of the configuration of the client device 10.
[Fig. 3] Block diagram of the configuration of the email authentication device 3.
[Fig. 4] Functional block diagram of the email authentication device 3.
[Fig. 5] Configuration diagram of the authentication mail address correspondence table 341 stored in the auxiliary storage device 34 of the email authentication device 3.
[Fig. 6] Configuration diagram of the user management table 342 stored in the auxiliary storage device 34 of the email authentication device 3.
[Fig. 7] Sequence diagram of the processing of the authentication method of the 1st embodiment.
[Fig. 8] Schematic configuration diagram of the personal authentication system of the 3rd embodiment.
[Fig. 9] Sequence diagram of the processing of the authentication method of the 3rd embodiment.
[Fig. 10] Schematic configuration diagram of the personal authentication system of the 5th embodiment.
[Fig. 11] Schematic configuration diagram of the personal authentication system of the 6th embodiment.
[Fig. 12] Configuration diagram of the authentication mail address correspondence table 20341 stored in the auxiliary storage device of the email authentication device 3 of the 10th embodiment.
[Fig. 13] Configuration diagram of the authentication mail address correspondence table 341 stored in the auxiliary storage device 34 of the email authentication device 3 of the 11th embodiment.
[Fig. 14] Sequence diagram of the processing of the authentication method of the 11th embodiment.
[Fig. 15] Configuration diagram of the authentication mail address correspondence table 341 stored in the auxiliary storage device 34 of the email authentication device 3 of the 12th embodiment.
[Fig. 16] Sequence diagram of the processing of the authentication method of the 12th embodiment.
Description of symbols
1 Internet
3 email authentication device
5 import WEB server
9 network
10 client device
11 transceiver unit
12 central processing unit
13 main storage device
14 auxiliary storage device
31 transceiver unit
32 central processing unit
33 main storage device
34 auxiliary storage device
60 mobile phone
300 authentication program
331 primary module
333 authentication request ID generation module
334 authentication mail address generation module
335 authentication mail address sending module
336 mail reception module
337 received mail reading module
338 authentication module
339 authentication result sending module
341 authentication mail address correspondence table
342 user management table
903 email authentication device
923 ATM email authentication device
943 dedicated email authentication device
2010 ATM
2060 mobile phone
2110 reading device
3321 authentication request receiving module
3322 authentication result request receiving module
3411 authentication request ID
3412 authentication mail address
3413 user mail address
3421 user ID
3422 mail address
20341 authentication mail address correspondence table
203411 customer ID
Embodiments
Embodiments of the present invention are described with reference to the drawings.
(1st embodiment)
Fig. 1 is a schematic configuration diagram of the personal authentication system of the 1st embodiment. The personal authentication system shown in Fig. 1 comprises a plurality of client devices 10 and an email authentication device 3. A client device 10 is a computer operated by a user who intends to be authenticated, and it is connected to the network 9. The client device 10 is described in detail with Fig. 2. The network 9 is a data communication network such as a dedicated line network, a public switched telephone network, or a LAN. The network 9 may be an internal network or the Internet. The email authentication device 3 is connected to the client devices 10 via the network 9, specifically via an internal network or the Internet. The email authentication device 3 may also have both an Internet interface and an internal-network interface. In that case, it is connected to some client devices 10 via the Internet and to other client devices 10 via the internal network. The email authentication device 3 is described in detail with Fig. 3. For clarity, the personal authentication system of the 1st embodiment is described in terms of the authentication processing for one client device 10. In practice, the email authentication device 3 authenticates a plurality of client devices 10 via the network 9; that is, it can receive authentication result requests from a plurality of client devices 10. Although Fig. 1 shows two client devices 10, the personal authentication system may include any number of them.
Fig. 2 is a block diagram of the configuration of a client device 10 in the personal authentication system of the 1st embodiment. The client device 10 is a computer system that physically comprises a transceiver unit 11, a central processing unit 12, a main storage device 13, an auxiliary storage device 14, an input device (not shown), a display device (not shown), and so on. The transceiver unit 11 is an interface that is connected to the network 9 and exchanges data with an external device (the email authentication device 3). The central processing unit 12 is, for example, a CPU; it performs various kinds of processing by executing programs stored in the main storage device 13. The main storage device 13 is, for example, memory; it stores the programs executed by the central processing unit 12 and the information the central processing unit 12 needs. The auxiliary storage device 14 is, for example, a hard disk, and stores various information. The input device is, for example, a mouse, keyboard, or touch screen, through which the user enters various information. The display device is a display, which shows information as instructed by the central processing unit 12. The client device 10 may take any form as long as it has the transceiver unit 11, the central processing unit 12, and the main storage device 13. For example, the client device 10 is a personal computer, a server, a mobile phone, or an ATM.
Fig. 3 is a block diagram of the configuration of the email authentication device 3 in the personal authentication system of the 1st embodiment. The email authentication device 3 is a computer system that physically comprises a transceiver unit 31, a central processing unit 32, a main storage device 33, an auxiliary storage device 34, an input device (not shown), a display device (not shown), and so on. An IP address and a domain for receiving e-mail are assigned to the email authentication device 3. The transceiver unit 31 is an interface that is connected to the network 9 and exchanges data with an external device (the client device 10). The central processing unit 32 is, for example, a CPU; it performs various kinds of processing by executing programs stored in the main storage device 33. The main storage device 33 is, for example, memory; it stores the programs executed by the central processing unit 32 and the information the central processing unit 32 needs. The auxiliary storage device 34 is, for example, a hard disk, and stores various information. The input device is, for example, a mouse, keyboard, or touch screen, through which an administrator enters various information. The display device is a display, which shows information as instructed by the central processing unit 32. The email authentication device 3 may take any form as long as it has the transceiver unit 31, the central processing unit 32, and the main storage device 33. For example, the email authentication device 3 is a personal computer or a server.
Fig. 4 is a functional block diagram of the email authentication device 3 of the 1st embodiment. The authentication program 300 of the 1st embodiment is stored in the auxiliary storage device 34 of the email authentication device 3. When the authentication program 300 is executed, the main storage device 33 of the email authentication device 3 holds a primary module 331, an authentication request receiving module 3321, an authentication result request receiving module 3322, an authentication request ID generation module 333, an authentication mail address generation module 334, an authentication mail address sending module 335, a mail reception module 336, a received mail reading module 337, an authentication module 338, and an authentication result sending module 339.
The primary module 331 supervises the overall processing of the email authentication device 3.
The authentication request receiving module 3321 receives an authentication request from a client device 10.
The authentication result request receiving module 3322 receives an authentication result request from a client device 10.
The authentication request ID generation module 333 generates an authentication request ID and assigns it to the authentication request received by the authentication request receiving module 3321. An authentication request ID is a unique identifier of an authentication request. If the email authentication device 3 receives authentication requests from several client devices 10 at the same time, it assigns a different authentication request ID to each received request. The email authentication device 3 may also, while processing a 1st authentication request, receive a 2nd authentication request from the same client device 10 that sent the 1st. In that case, the email authentication device 3 assigns the 2nd authentication request an authentication request ID different from that of the 1st. The email authentication device 3 can thus process several authentication requests sent from the same client device 10 at the same time. The authentication request ID generation module 333 generates an authentication request ID from, for example, a random number, an application software ID, and the time at which the authentication request ID is generated. The application software ID is a unique identifier of the authentication program 300 installed on the email authentication device 3; it is generally known as a license key, and a detailed explanation is omitted here. Any other method of generating authentication request IDs may be used as long as it achieves the purpose.
The authentication mail address generation module 334 newly generates a mail address at which the email authentication device 3 can receive mail. It then assigns the generated mail address, as the authentication mail address, to the authentication request ID generated by the authentication request ID generation module 333. The authentication mail address and the authentication request ID are thus in a one-to-one relationship; that is, the authentication mail address uniquely identifies the authentication request. The authentication mail address generation module 334 may release the assignment of an authentication mail address once a specified time has elapsed since it was assigned to the authentication request ID. It may also release the assignment at another time, such as when authentication for the authentication request is completed. Once the assignment of the authentication mail address to the authentication request is released, impersonating access using that authentication mail address is no longer possible. The assignment may be released, for example, when a fixed time such as 10 minutes has elapsed since the assignment. The timing for releasing the assignment of the authentication mail address is decided by the implementer of the present invention.
A concrete method of releasing the assignment of an authentication mail address to an authentication request is described here. For example, the authentication mail address generation module 334 discards the authentication mail address to be released. Once an authentication mail address has been discarded, the email authentication device 3 can no longer receive e-mail at that address. The authentication mail address generation module 334 then selects, from the authentication mail address correspondence table 341, the record whose authentication mail address 3412 matches the authentication mail address to be released, and deletes the selected record from the authentication mail address correspondence table 341. Any other method of releasing the assignment may be used as long as it achieves the purpose. The authentication mail address correspondence table 341 (Fig. 5) is described in detail later.
Next, an example of how the authentication mail address generation module 334 generates an authentication mail address is described. The module generates the authentication mail address from the authentication request ID and the domain assigned to the email authentication device 3. When the authentication request ID is [0029382] and the domain is [authadd.com], the module generates [0029382@authadd.com] as the authentication mail address. Because the authentication request ID is unique, the authentication mail address is also unique. The generation method need not use the authentication request ID, provided that the authentication mail address and the authentication request ID are in a one-to-one relationship. Any other generation method may be used as long as it achieves the purpose.
Fig. 5 is a configuration diagram of the authentication mail address correspondence table 341 stored in the auxiliary storage device 34 of the email authentication device 3 of the 1st embodiment. The authentication mail address correspondence table 341 contains an authentication request ID 3411, an authentication mail address 3412, and a user mail address 3413. The authentication request ID 3411 is a unique identifier of an authentication request. The authentication mail address 3412 is the mail address assigned to the authentication request identified by the authentication request ID 3411 of the record. The user mail address 3413 is the mail address of the user requesting authentication. In the present embodiment, the user mail address is used as a unique identifier of the user.
Returning to Fig. 4. Instead of the authentication mail address generation module 334, an authentication mail address allocation module may be stored in the main storage device 33 of the email authentication device 3. In that case, a plurality of mail addresses at which the email authentication device 3 can receive mail are set in the device in advance. From those mail addresses, the authentication mail address allocation module identifies one that is not assigned to any previously generated authentication request ID. It then assigns the identified mail address, as the authentication mail address, to the authentication request ID generated by the authentication request ID generation module 333. That is, the authentication mail address allocation module never assigns an authentication mail address that is already assigned to an authentication request ID to another authentication request. In this case too, the authentication mail address and the authentication request ID are in a one-to-one relationship, so the authentication mail address uniquely identifies the authentication request. However, the authentication mail address allocation module needs to release the assignments of authentication mail addresses to authentication request IDs, because otherwise the mail addresses available for assignment would run out. For example, the authentication mail address allocation module releases the assignment of an authentication mail address once a specified time has elapsed since it was assigned. It also releases the assignment of the authentication mail address for an authentication request after authentication for that request is completed. The module can then assign a mail address whose assignment has been released to a different authentication request ID as an authentication mail address. However, the email authentication device 3 cannot authenticate, within the specified time, more users than the number of preset mail addresses, because once all of the mail addresses at which the email authentication device 3 can receive mail are assigned to authentication request IDs, the authentication mail address allocation module cannot assign a mail address to a newly generated authentication request ID. It is therefore preferable to preset a number of receivable mail addresses that matches the scale of the service provided. The method by which the authentication mail address allocation module releases the assignment of an authentication mail address is the same as for the authentication mail address generation module 334, so its description is omitted.
The authentication mail address sending module 335 sends the authentication mail address generated by the authentication mail address generation module 334 and the authentication request ID generated by the authentication request ID generation module 333 to the client device 10.
The mail reception module 336 receives e-mail from the client device 10. The mail reception module 336 may also receive mail from sources other than the client device 10.
The received mail reading module 337 obtains the source and destination mail addresses from the e-mail received by the mail reception module 336.
The authentication module 338 authenticates the user operating the client device 10 on the basis of the user management table 342 (Fig. 6).
Fig. 6 is a configuration diagram of the user management table 342 stored in the auxiliary storage device 34 of the email authentication device 3 of the 1st embodiment. The user management table 342 contains a user ID 3421 and a mail address 3422. The user ID 3421 is a unique identifier of a user who is authenticated by the email authentication device 3 of the 1st embodiment. The mail address 3422 is the e-mail address of the user identified by the user ID 3421 of the record. Normally, the mail address 3422 is an e-mail address that only the user identified by the user ID 3421 of the record can use. Because e-mail contains private content, most individuals have an e-mail address of their own. The user management table 342 may also hold other information specific to the user. The user-specific information includes, for example, at least one of a user name, password, credit card number, cash card number, user biometric information, schedule, operation history, and remaining balance. That is, in the user management table 342, the user-specific information is managed in association with the user ID 3421.
A user of the email authentication device 3 of the 1st embodiment registers the user ID 3421 and the mail address 3422 in the user management table 342 by a method prescribed in advance. When the mail address 3422 is used as the user ID, the user ID 3421 may be omitted.
The authentication result sending module 339 sends the authentication result determined by the authentication module 338 to the client device 10.
Next, utilize figure that the processing of the authenticating method of the 1st embodiment is described.Fig. 7 is the sequence chart of processing of the authenticating method of the 1st embodiment.
Triggered by a user operation, the client device 10 sends an authentication request to the email authentication device 3 via the network 9 (ST111).
The email authentication device 3 receives the authentication request from the client device 10 (ST112). It then generates an authentication request ID (ST113). Next, it generates an authentication mail address (ST114). Next, it creates a new record in the authentication mail address correspondence table 341. It stores the generated authentication request ID in the authentication request ID 3411 of the new record, and stores the generated authentication mail address in the authentication mail address 3412 of the new record (ST115). That is, the email authentication device 3 stores the generated authentication request ID and the generated authentication mail address in association with each other.
Next, the email authentication device 3 sends the generated authentication mail address and authentication request ID to the client device 10 via the network 9 (ST116).
The client device 10 receives the authentication mail address and the authentication request ID from the email authentication device 3 (ST117).
Triggered by a user operation, the client device 10 sends, via the network 9, an email addressed to the authentication mail address (ST118).
The email authentication device 3 then receives the email from the client device 10 (ST119). Next, it obtains the destination mail address from the received email. Next, it discards the authentication mail address that matches the obtained destination mail address. At this point, the email authentication device 3 may determine whether the sender mail address of the received email has been spoofed. It then performs the following processing only when it determines that the sender mail address has not been spoofed. Any method may be used to detect spoofing of the sender mail address.
Next, the email authentication device 3 obtains the sender and destination mail addresses from the received email. It selects, from the authentication mail address correspondence table 341, the record whose authentication mail address 3412 matches the obtained destination mail address. It then stores the obtained sender mail address in the user mail address 3413 of the selected record (ST120).
Meanwhile, the client device 10 sends an authentication result request containing the authentication request ID to the email authentication device 3 via the network 9 (ST121). The client device 10 may send the authentication result request when triggered by a user operation, or it may send it at fixed intervals.
The email authentication device 3 then receives the authentication result request from the client device 10 (ST122). Next, it obtains the authentication request ID from the received authentication result request. It selects, from the authentication mail address correspondence table 341, the record whose authentication request ID 3411 matches the obtained authentication request ID, and extracts the user mail address 3413 from the selected record. If the user mail address 3413 cannot be extracted, the email authentication device 3 determines that authentication is not possible. Otherwise, it selects from the user management table 342 (Fig. 6) the record whose mail address 3422 matches the extracted user mail address 3413 (ST123). If no record with a matching mail address can be extracted from the user management table 342, the email authentication device 3 determines that authentication is not possible.
In the 1st embodiment, the email authentication device 3 thus determines that a user who has not been registered in the user management table 342 in advance cannot be authenticated. However, the email authentication device 3 may instead authenticate a user who is not yet registered in the user management table 342 as a new user. In that case, when no record with a matching mail address can be extracted from the user management table 342, the email authentication device 3 generates a new user ID, making sure that it does not duplicate any user ID 3421 already contained in the user management table 342. Next, it creates a new record in the user management table 342, stores the generated user ID in the user ID 3421 of the new record, and stores the extracted user mail address 3413 in the mail address 3422 of the new record. In this way, the email authentication device 3 stores the generated user ID in the user management table 342 in association with the sender mail address obtained from the email. It then permits authentication, treating the user corresponding to the destination mail address obtained from the email as a new user.
The email authentication device 3 may also receive the user-specific information of the user being registered from the client device 10, and store the received user-specific information in the newly created record. The user-specific information may be included in the authentication request, included in the authentication result request, or sent separately.
On the other hand, when the email authentication device 3 is able to select a record whose mail address matches, it determines that authentication is possible. In this way, the email authentication device 3 can identify the user who originated the authentication request. Specifically, it extracts the user ID 3421 from the selected record. It then identifies the originator of the authentication request identified by the obtained authentication request ID as the user identified by the extracted user ID 3421.
Next, the email authentication device 3 sends the authentication result to the client device 10 via the network 9 (ST124). The email authentication device 3 may also send the user-specific information corresponding to the extracted user ID 3421 to the client device 10 together with the authentication result.
The client device 10 then receives the authentication result from the email authentication device 3 (ST125).
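The server side of the ST111 to ST125 sequence can be followed in code. The sketch below is an added example, not code from the patent: the class and method names, the in-memory dictionaries standing in for tables 341 and 342, the domain "auth.example", the case-insensitive address comparison and the sender_verified flag (the outcome of whatever spoofing check the device applies) are all assumptions.

```python
import secrets

AUTH_DOMAIN = "auth.example"  # assumed domain whose mail the device receives


def _norm(address):
    # Assumption: mail addresses are compared case-insensitively.
    return address.strip().lower()


class MailAuthDevice:
    """In-memory model of the authentication device's three handlers."""

    def __init__(self, registered_users):
        # User management table 342: mail address 3422 -> user ID 3421.
        self.user_table = {_norm(a): uid for a, uid in registered_users.items()}
        # Correspondence table 341, keyed by authentication request ID 3411.
        self.by_request_id = {}
        # The same records indexed by authentication mail address 3412.
        self.by_auth_address = {}

    def handle_auth_request(self):
        """ST112-ST116: issue a request ID and a never-before-used address."""
        request_id = secrets.token_urlsafe(16)
        auth_address = f"{secrets.token_hex(12)}@{AUTH_DOMAIN}"
        while auth_address in self.by_auth_address:  # must not be allocated twice
            auth_address = f"{secrets.token_hex(12)}@{AUTH_DOMAIN}"
        record = {"auth_address": auth_address, "user_mail": None}
        self.by_request_id[request_id] = record
        self.by_auth_address[auth_address] = record
        return request_id, auth_address

    def handle_mail(self, sender, recipient, sender_verified):
        """ST119-ST120: bind the sender to the request the address was issued for."""
        if not sender_verified:
            return False  # spoofed or unverifiable sender: no further processing
        record = self.by_auth_address.get(_norm(recipient))
        if record is None:
            return False  # destination is not an allocated authentication address
        record["user_mail"] = _norm(sender)  # user mail address 3413
        return True

    def handle_result_request(self, request_id):
        """ST122-ST124: resolve request ID -> sender address -> registered user."""
        denied = {"authenticated": False, "user_id": None}
        record = self.by_request_id.get(request_id)
        if record is None or record["user_mail"] is None:
            return denied  # unknown request, or no mail has arrived yet
        user_id = self.user_table.get(record["user_mail"])
        if user_id is None:
            return denied  # sender is not in the user management table
        return {"authenticated": True, "user_id": user_id}


if __name__ == "__main__":
    # Constructed sample data: one registered user, one client session.
    device = MailAuthDevice({"alice@example.com": "U0001"})
    rid, addr = device.handle_auth_request()
    print("before mail:", device.handle_result_request(rid))
    device.handle_mail("alice@example.com", addr, sender_verified=True)
    print("after mail: ", device.handle_result_request(rid))
```

The only secret that ties a browser session to a mailbox is the pair of random values issued in handle_auth_request, which is why both come from a cryptographic random source here.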
As described above, the user of the client device 10 can be personally authenticated without entering a user ID and password. There is therefore no danger of the user ID and password being stolen. The user of the client device 10 also does not have to manage a user ID and password, and is spared the trouble of entering them. In other words, the individual authentication system of this embodiment authenticates both securely and conveniently.
In this embodiment the email authentication device 3 is shown as a single device, but depending on the scale of the service to be provided, it may consist of multiple devices. The email authentication device 3 may also consist of multiple devices with different functions. In that case, the devices making up the email authentication device 3 are interconnected by a suitable data transfer path.
The most important feature of this embodiment is as follows. As described above, the client device 10 sends an email to the authentication mail address, and the email authentication device 3 receives it. From the sender mail address of the received email, the email authentication device 3 determines which user wishes to be authenticated. From the destination of the received email, it determines the authentication request ID, which is the unique identifier of the authentication request. That is, the email authentication device 3 can determine the correspondence between an authentication request and the user who is requesting authentication through it. Next, the client device 10 sends an authentication result request to the email authentication device 3, which receives it. The email authentication device 3 determines the correspondence between the authentication result request and the authentication request from the authentication request ID contained in the received authentication result request. The email authentication device 3 can therefore determine which client device the user is operating. As a result, in this embodiment the email authentication device 3 can perform authentication even when the authentication request contains no user ID.
In this embodiment, the email authentication device 3 sends both the generated authentication mail address and the authentication request ID to the client device 10, but it may send only the authentication mail address. In that case, the authentication request ID generation module 333 and the authentication request ID 3411 of the authentication mail address correspondence table 341 can be omitted. That is, the authentication mail address itself can be used as the identifier of the authentication request. The client device 10 then sends the email authentication device 3 an authentication result request that contains the authentication mail address in place of the authentication request ID. The authentication module 338 obtains the authentication mail address from the authentication result request, selects from the authentication mail address correspondence table 341 the record whose authentication mail address 3412 matches it, and extracts the user mail address 3413 from the selected record. Likewise, a part of the authentication mail address may be used as the identifier of the authentication request.
Also, in this embodiment the client device 10 receives the authentication mail address from the email authentication device 3 and sends the email to the received authentication mail address. However, the following arrangement is also possible. The client device 10 displays the authentication mail address received from the email authentication device 3. The user then sends an email to the authentication mail address from a 2nd client device 10 that is different from the client device 10 displaying the authentication mail address. In this case, the user who is authenticated is the user corresponding to the sender mail address of the email sent from the 2nd client device 10. The client device 10 displaying the authentication mail address then receives the authentication result from the email authentication device 3. For example, the client device 10 displaying the authentication mail address is a personal computer, and the 2nd client device 10 that sends the email is a mobile phone that is connected to a network and can send email.
In the embodiment described above, the user of the client device 10 uses email in order to be authenticated. The user of the client device 10 may instead use communication based on SIP (Session Initiation Protocol) in order to be authenticated. In that case, the client device 10 has the function of a SIP user agent, and the email authentication device 3 has the functions of a SIP user agent and a SIP server. The email authentication device 3 generates an authentication user agent address in place of the authentication mail address. The authentication user agent address is the address at which the email authentication device 3 receives SIP-based communication. Because its address scheme is the same as that of email, a detailed description is omitted. The authentication user agent address may be generated in the same way as the authentication mail address. The email authentication device 3 stores the generated authentication request ID and the generated authentication user agent address in association with each other in the authentication mail address correspondence table.
Triggered by a user operation, the client device 10 sends signaling via SIP to the authentication user agent address. The email authentication device 3 receives the signaling from the client device 10 and extracts the sender and destination user agent addresses from it. Next, it selects from the authentication mail address correspondence table the record whose authentication user agent address matches the obtained destination user agent address, and stores the extracted user agent address of the user in the selected record. The email authentication device 3 thereby stores, in the authentication mail address correspondence table, the correspondence between the extracted user agent address of the user and the authentication request ID.
Meanwhile, the client device 10 sends an authentication result request containing the authentication request ID to the email authentication device 3. The email authentication device 3 receives the authentication result request from the client device 10 and extracts the authentication request ID from it. Next, it selects from the authentication mail address correspondence table the record whose authentication request ID matches the extracted authentication request ID, and extracts the user agent address of the user from the selected record. The email authentication device 3 then determines whether the user's user agent address can be extracted from the user management table. If it can, the email authentication device 3 determines that authentication is possible, and it can identify the user who originated the authentication request. Specifically, it extracts the user ID from the selected record and identifies the originator of the authentication request identified by the extracted authentication request ID as the user identified by the extracted user ID. The email authentication device 3 may also include the user-specific information corresponding to the extracted user ID in the authentication result. In all embodiments, SIP-based communication may be used in place of email.
A modification of the 1st embodiment of the present invention is described here. After receiving the authentication result request from the client device 10, the email authentication device 3 of the 1st embodiment checks whether the user mail address 3413 extracted from the authentication mail address correspondence table 341 is stored in the user management table 342. However, the email authentication device 3 may instead check whether the sender mail address of the received email is stored in the user management table 342 at the time it receives the email. In this case, the authentication mail address correspondence table 341 contains a confirmation result flag. The confirmation result flag indicates whether the email authentication device 3 has confirmed that the sender mail address of the email is stored in the user management table 342. Specifically, the initial value "0" is stored in the confirmation result flag in advance. After confirming that the sender mail address of the received email is stored in the user management table 342, the email authentication device 3 stores "1" in the confirmation result flag. Then, after receiving the authentication result request from the client device 10, the email authentication device 3 refers to the authentication mail address correspondence table 341 instead of the user management table 342. Specifically, if "1" is stored in the confirmation result flag of the authentication mail address correspondence table 341, the email authentication device 3 determines that authentication is possible. If "0" is stored in the confirmation result flag, the email authentication device 3 determines that authentication is not possible.
Because the security of the present invention against impersonation depends on how resistant email is to spoofing, the spoofing of email is described here.
First, the case where the sender of an email is spoofed. If a forger who spoofs the sender of an email is authenticated by the email authentication device 3 of the 1st embodiment, the forger can impersonate the legitimate user who owns the spoofed mail address. The email authentication device 3 is therefore equipped with a mail reception function that conforms to SPF (Sender Policy Framework). SPF is a technique that mail servers use to detect spoofed mail. The email authentication device 3 queries DNS (Domain Name Server) for the domain of the received email. It then compares the DNS query result with the IP address of the source of the email to determine whether the sender mail address of the email has been spoofed. The email authentication device 3 may use any other spoofed-mail detection technique as long as it achieves this purpose.
Next, the case where the destination of an email is spoofed. A forger who spoofs the destination of an email cannot impersonate another person, even if authenticated by the email authentication device 3 of the 1st embodiment. On the contrary, another person ends up impersonating the forger. That other person is whoever operates the client device 10 that received, as its authentication mail address, the same mail address as the spoofed destination mail address. A forger therefore gains nothing by spoofing the destination of an email. Moreover, because authentication mail addresses are generated using random numbers or the like, a spoofed mail address rarely coincides with an authentication mail address.
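The SPF comparison described above for a spoofed sender (published policy versus the connecting IP address) looks like this in code. This is an added example, not the patent's implementation: the function names and the TXT records, which are constructed and stand in for live DNS answers, are assumptions, and the evaluator is narrowed to the ip4, ip6 and all mechanisms, refusing to decide on anything that would need further DNS lookups.

```python
import ipaddress

# Constructed TXT records standing in for DNS answers (assumption: no live lookups).
CONSTRUCTED_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "soft.example": "v=spf1 ip4:198.51.100.7 ~all",
    "partner.example": "v=spf1 include:_spf.example.net -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, sender_ip):
    """Evaluate an SPF record left to right against the connecting IP address.

    Returns pass, fail, softfail, neutral, none, permerror or unsupported.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF policy at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"  # malformed policy
            if network.version == ip.version and ip in network:
                return QUALIFIERS[qualifier]
            continue
        # include, a, mx, exists, ptr, redirect= need more DNS queries.
        return "unsupported"
    return "neutral"  # no mechanism matched and no "all" term


def sender_is_verified(envelope_from, sender_ip, txt_records=CONSTRUCTED_TXT):
    """True only on an SPF pass; every other outcome is treated as unverified.

    SPF is evaluated for the domain of the envelope sender (SMTP MAIL FROM).
    """
    domain = envelope_from.rpartition("@")[2].lower()
    record = txt_records.get(domain)
    if record is None:
        return False  # domain publishes no policy: the sender cannot be verified
    return evaluate_spf(record, sender_ip) == "pass"


if __name__ == "__main__":
    for sender, ip in [("alice@example.com", "192.0.2.55"),
                       ("alice@example.com", "203.0.113.9"),
                       ("bob@soft.example", "198.51.100.8")]:
        print(sender, ip, sender_is_verified(sender, ip))
```

For an authentication decision only a pass counts: softfail, neutral and a missing policy all leave the sender unproven, so the sketch rejects them.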
Here, authentication as used in the present invention is explained. Authentication in this description is not the general concept but authentication in a broad sense. Specifically, authentication in the present invention is a check of whether a user has the right to use the service provided by the individual authentication system. The individual authentication system of the present invention can identify the user who is using a client device and provide a service appropriate to each identified user. An authentication request in the present invention is therefore a request to check whether the user has the right to use the service provided by the individual authentication system.
For example, the authentication request is a request to log in to a web page. In this case, the email authentication device 3 may be the web server, or it may be a dedicated authentication device to which the web server delegates authentication.
Alternatively, the authentication request is a request to make a credit card payment on a web page. In this case, the email authentication device 3 may be the web server that performs the credit card payment, or it may be a dedicated authentication device to which that web server delegates authentication.
Alternatively, the authentication request is a request to withdraw a deposit, repay a loan or take out a loan at an ATM. In this case, the client device 10 is the ATM, the 2nd client device 10 used to send the email is a mobile terminal such as a mobile phone, and the email authentication device 3 is the management server that manages settlement at the ATM.
Alternatively, the authentication request is a request to make a credit card payment in a shop. In this case, the client device 10 is a reader that reads credit card information, the 2nd client device 10 used to send the email is a mobile terminal such as a mobile phone, and the email authentication device 3 is the management server that manages credit card payments made through that reader.
Alternatively, the authentication request is a request for debit card settlement. In this case, the client device 10 is a reader that reads debit card information, the 2nd client device 10 used to send the email is a mobile terminal such as a mobile phone, and the email authentication device 3 is the management server that manages debit card settlements made through that reader.
Alternatively, the authentication request is a request to consolidate the payment of utility charges into a loan. In this case, the client device 10 is an ATM, the 2nd client device 10 used to send the email is a mobile terminal such as a mobile phone, and the email authentication device 3 is the management server that manages loans made through that ATM.
Alternatively, the authentication request is a request to pay unpaid utility charges. In this case, the client device 10 is an information terminal installed in a place such as a convenience store, the 2nd client device 10 used to send the email is a mobile terminal such as a mobile phone, and the email authentication device 3 is the management server that manages that information terminal.
Alternatively, the authentication request is a request to connect to a company's internal network. In this case, the email authentication device 3 is the management server that manages the company's internal network.
Alternatively, the authentication request is a request to connect a thin client to a server. In this case, the email authentication device 3 is the management server that manages connections between thin client devices and the server.
Alternatively, the authentication request is a request to connect to a wireless LAN access point. In this case, the email authentication device 3 is the management server that manages connections between the client device 10 and the access point.
The authentication request of this embodiment contains no user ID or password, yet the email authentication device 3 can perform authentication processing. The email authentication device 3 may also carry out conventional authentication processing in combination with the authentication processing of this embodiment, thereby improving security. For example, the email authentication device 3 can authenticate by checking user-specific information in combination with the authentication processing of this embodiment. User-specific information includes, for example, at least one of user name, password, credit card number, cash card number, user biometric information, mail address and telephone number. However, the user-specific information is preferably information other than the mail address registered in the mail address 3422 of the user management table 342. This is because a malicious person who attempts to be authenticated by impersonation knows the mail address registered in the user management table 342, so information other than that address is needed to improve the security of the authentication system of this embodiment.
Next, a concrete example of an authentication method that checks user-specific information is described. Specifically, the email authentication device 3 can authenticate by checking at least one of the user ID and the password. In this case, the email authentication device 3 stores the correspondence between user IDs and user-specific information in advance. The user who wishes to be authenticated enters user-specific information into the client device 10. Entry here is not limited to input by operating a keyboard or the like, and also includes having a card reader read a card. That is, the client device 10 may be any device as long as it can obtain the user-specific information. The user-specific information may be entered at any time. The client device 10 sends the entered user-specific information to the email authentication device 3. The client device 10 may include the entered user-specific information in the authentication request, include it in the authentication result request, or send it separately. The email authentication device 3 receives the user-specific information from the client device 10. In step ST123 of the authentication method processing (Fig. 7), the authentication module 338 of the email authentication device 3 identifies the user who originated the authentication request. Next, the email authentication device 3 identifies the user-specific information stored in association with the user ID of the identified user. The authentication module 338 then determines whether the identified user-specific information matches the user-specific information received from the client device 10. If the two match, the email authentication device 3 determines that authentication is possible. If the two do not match, the email authentication device 3 determines that authentication is not possible.
The user in this embodiment need not be a person and may be a computer. For example, a computer can be authenticated as a user.
(the 2nd embodiment)
The individual authentication system of the 2nd embodiment is described below. Parts that are the same as in the individual authentication system of the 1st embodiment are given the same reference symbols and their description is omitted.
The configuration of the individual authentication system of the 2nd embodiment is the same as that of the individual authentication system of the 1st embodiment (Fig. 1), so its description is omitted. In the 2nd embodiment, however, the network 9 is the Internet. The client device 10 sends the authentication request and the authentication result request to the email authentication device 3 over HTTP, and receives the authentication mail address and the authentication result from the email authentication device 3 over HTTP. Therefore, when the client device 10 is a mobile phone, it is equipped with a web browser function and an email sending function. The email authentication device 3 has a web server function and a mail reception server function.
Next, the authentication method of the 2nd embodiment is described using Fig. 7. The authentication method of the 2nd embodiment is identical to that of the 1st embodiment except for ST116 and ST124, so the description of the identical processing is omitted.
First, step ST116 is described. The email authentication device 3 generates a web page containing the generated authentication mail address. It then sends the generated web page and the generated authentication request ID to the client device 10.
The web page generated by the email authentication device 3 (not shown) contains the authentication mail address and an authentication result request button, and is displayed on the client device 10. The authentication result request button is a button for accepting the user's instruction to send an authentication result request. That is, when the user operates the authentication result request button, the client device 10 sends an authentication result request to the email authentication device 3. The web page generated by the email authentication device 3 need not contain an authentication result request button. In that case, the client device 10 sends the authentication result request to the email authentication device 3 at fixed intervals rather than in response to a user operation.
Next, step ST124 is described. The email authentication device 3 generates a web page containing the authentication result. It then sends the generated web page to the client device 10 as the authentication result. When the authentication result is that authentication is possible, the web page generated by the email authentication device 3 can contain the user-specific information corresponding to the user ID.
A session ID can be used in place of the authentication request ID. A session ID is an identifier that identifies the communication between a web server and a web browser. Generating and managing session IDs is a standard function of ordinary web servers and web browsers, so a detailed description of the session ID is omitted.
(the 3rd embodiment)
Next, the individual authentication system of the 3rd embodiment is described. Parts that are the same as in the individual authentication systems of the 1st and 2nd embodiments are given the same reference symbols and their description is omitted.
The email authentication device 3 in the individual authentication system of the 2nd embodiment has an authentication function and a function for sending web pages that contain user-specific information. Consequently, to give a conventional web server the functions of the email authentication device 3, the program of the web server has to be changed. In contrast, the 3rd embodiment describes an arrangement in which the authentication method of the present invention can easily be introduced into a conventional web server. The conventional web server in the individual authentication system of the 3rd embodiment is referred to as the introducing web server 5.
Fig. 8 is a schematic configuration diagram of the individual authentication system of the 3rd embodiment. The individual authentication system shown in Fig. 8 comprises a plurality of client devices 10, the introducing web server 5 and a dedicated email authentication device 943. The client devices 10, the introducing web server 5 and the dedicated email authentication device 943 are interconnected by the network 9. The configuration of the client device 10 is the same as that of the client device 10 (Fig. 2) in the individual authentication system of the 1st embodiment, so its description is omitted. The introducing web server 5 is a conventional web server. The configuration of the dedicated email authentication device 943 is the same as that of the email authentication device 3 (Fig. 3) in the individual authentication system of the 1st embodiment, so its description is omitted.
For clarity, in the description of the individual authentication system of the 3rd embodiment the domain "dounyu.jp" is assumed to be assigned to the introducing web server 5, and the domain "ninsho.jp" is assumed to be assigned to the dedicated email authentication device 943.
Next, the authenticating method of the 3rd embodiment is explained with reference to the figures. Fig. 9 is a sequence chart of the processing of the authenticating method of the 3rd embodiment. Triggered by the user's operation, customer set up 10 sends a request for the login webpage to importing WEB server 5 (ST94109). Importing WEB server 5 receives the request for the login webpage from customer set up 10. Importing WEB server 5 then sends the login webpage, which includes authentication website information, to customer set up 10 through network 9 (ST94110). Authentication website information is information that prompts customer set up 10 to send an authentication request to email authentication isolated plant 943. Authentication website information includes a Return URL. The Return URL is the URL to which customer set up 10 sends the request for the member webpage after authentication by email authentication isolated plant 943 has finished. Examples of authentication website information follow. For example, authentication website information is "<SCRIPT SRC='http://www.ninsho.jp/index.php?rurl=http://www.dounyu.jp/member.php'></SCRIPT>". The URL after "rurl=" is the Return URL. As another example, authentication website information is "<A HREF='http://www.ninsho.jp/index.php?rurl=http://www.dounyu.jp/member.php'>this is the authentication</A>". The URL after "rurl=" is the Return URL. Authentication website information may be other information as long as it serves this purpose.
Next, customer set up 10 sends an authentication request to email authentication isolated plant 943 according to the authentication website information included in the received login webpage (ST111). Email authentication isolated plant 943 receives the authentication request and extracts the Return URL from it (ST94112). Email authentication isolated plant 943 then generates an authentication request ID and authentication addresses of items of mail (ST113, ST114), and stores the authentication request ID, the authentication addresses of items of mail and the Return URL in association with one another in authentication with addresses of items of mail corresponding tables 341 (ST94115). Authentication with addresses of items of mail corresponding tables 341 therefore includes a Return URL (not illustrated). Specifically, email authentication isolated plant 943 generates a new record in authentication with addresses of items of mail corresponding tables 341. It stores the generated authentication request ID in authentication request ID3411 of the new record, the generated authentication addresses of items of mail in authentication with addresses of items of mail 3412 of the new record, and the extracted Return URL in the Return URL of the new record. Email authentication isolated plant 943 then sends the generated authentication request ID and authentication addresses of items of mail to customer set up 10 (ST94116).
Customer set up 10 receives the authentication request ID and the authentication addresses of items of mail (ST117), and then sends an Email to the received authentication addresses of items of mail (ST118). Email authentication isolated plant 943 receives the Email from customer set up 10 (ST119). Next, email authentication isolated plant 943 determines the transmission source and transmission destination addresses of items of mail of the received Email. It then stores the determined transmission source addresses of items of mail in authentication with addresses of items of mail corresponding tables 341, in association with the authentication request ID that corresponds to the determined transmission destination addresses of items of mail (ST120). Meanwhile, customer set up 10 sends an authentication result request to email authentication isolated plant 943 (ST121). Email authentication isolated plant 943 receives the authentication result request from customer set up 10 (ST122) and extracts the authentication request ID from it. Email authentication isolated plant 943 then extracts, from authentication with addresses of items of mail corresponding tables 341, the user mail address 3413 that corresponds to the extracted authentication request ID. Next, email authentication isolated plant 943 judges whether the extracted user mail address 3413 is stored in addresses of items of mail 3422 of user management table 342 (ST123). When user mail address 3413 is stored in user management table 342, email authentication isolated plant 943 judges that authentication is possible. Conversely, when user mail address 3413 is not stored in user management table 342, email authentication isolated plant 943 judges that authentication is not possible. Email authentication isolated plant 943 then sends the authentication result to customer set up 10 (ST94124).
Specifically, email authentication isolated plant 943 selects, from authentication with addresses of items of mail corresponding tables 341, the record whose authentication request ID3411 matches the extracted authentication request ID. It then extracts the Return URL and user mail address 3413 from the selected record. Next, email authentication isolated plant 943 generates a webpage that includes the authentication result, the Return URL and the user mail address. Examples of the source code included in the generated webpage follow. For example, the source code is "<meta http-equiv="Refresh" content="0; url=http://www.dounyu.jp/member.php?usrmail=taka@yahoo.co.jp&auth=1">". The URL after "url=" is the Return URL. The addresses of items of mail after "usrmail=" is the user mail address. The value after "auth=" is the authentication result. For example, "1" means that authentication is possible, and "0" means that authentication is not possible. However, "auth=" need not necessarily be included. As another example, the source code is "<A HREF="http://www.dounyu.jp/member.php?usrmail=taka@yahoo.co.jp&auth=1">the member webpage is here</A>". The URL after "url=" is the Return URL. The addresses of items of mail after "usrmail=" is the user mail address. The value after "auth=" is the authentication result. For example, "1" means that authentication is possible, and "0" means that authentication is not possible. However, "auth=" need not necessarily be included. The source code included in the webpage may also be other source code as long as it serves this purpose.
Next, email authentication isolated plant 943 sends the generated webpage to customer set up 10 as the authentication result. Customer set up 10 receives the webpage sent as the authentication result (ST125). Next, customer set up 10 sends a request for the member webpage to importing WEB server 5 according to the received webpage (ST94126). The request for the member webpage sent by customer set up 10 includes the user mail address. For example, the request for the member webpage is a URL such as "http://www.dounyu.jp/member.php?usrmail=taka@yahoo.co.jp&auth=1". The addresses of items of mail after "usrmail=" is the user's addresses of items of mail. Importing WEB server 5 receives the request for the member webpage from customer set up 10. Next, importing WEB server 5 extracts the user mail address from the received request for the member webpage. Importing WEB server 5 then determines the user according to the extracted addresses of items of mail. Afterwards, email authentication isolated plant 943 generates the member webpage corresponding to the determined user. Next, importing WEB server 5 sends the generated member webpage to customer set up 10 through network 9 (ST94127). The member webpage includes the user's intrinsic information of the user corresponding to the extracted addresses of items of mail. Customer set up 10 then receives the member webpage from importing WEB server 5 and displays the received member webpage on the display device (ST94128).
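The steps ST94112 to ST94124 described above can be followed in a small model of email authentication isolated plant 943. This is an added example, not code from the patent: the class and method names, the random ID and address format, and the constructed user table are assumptions, while the domains, the "rurl", "usrmail" and "auth" parameters come from the text.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_DOMAIN = "ninsho.jp"            # domain the page assigns to plant 943
USER_TABLE = {"taka@yahoo.co.jp"}    # constructed stand-in for addresses 3422 of table 342


class EmailAuthPlant:
    """Hypothetical model of email authentication isolated plant 943."""

    def __init__(self):
        self.records = {}      # table 341: authentication request ID -> record
        self.by_address = {}   # authentication address -> authentication request ID

    def handle_auth_request(self, request_url):
        """ST94112 to ST94116: extract the Return URL, allocate ID and address, store."""
        query = parse_qs(urlsplit(request_url).query)
        return_url = query["rurl"][0]
        request_id = secrets.token_hex(8)                 # assumed ID format
        auth_address = f"{secrets.token_hex(8)}@{AUTH_DOMAIN}"
        self.records[request_id] = {
            "auth_address": auth_address,
            "return_url": return_url,
            "user_mail": None,                            # filled in at ST120
        }
        self.by_address[auth_address] = request_id
        return request_id, auth_address

    def receive_email(self, sender, recipient):
        """ST119 to ST120: file the sender under the request that owns the recipient."""
        request_id = self.by_address.get(recipient)
        if request_id is None:
            return False                                  # address not allocated to a request
        self.records[request_id]["user_mail"] = sender
        return True

    def handle_result_request(self, request_id):
        """ST122 to ST94124: look up the sender, check table 342, build the return URL."""
        record = self.records.get(request_id)
        if record is None:
            return None
        user_mail = record["user_mail"]
        params = {}
        if user_mail is not None:
            params["usrmail"] = user_mail
        params["auth"] = "1" if user_mail in USER_TABLE else "0"
        joiner = "&" if urlsplit(record["return_url"]).query else "?"
        # safe="@" keeps the address unescaped, matching the URL form shown in the text
        return record["return_url"] + joiner + urlencode(params, safe="@")
```
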
As described above, importing WEB server 5, which is an existing WEB server, can introduce the authenticating method of the present invention merely by including authentication website information in the login webpage that it sends to customer set up 10.
In the above embodiment, email authentication isolated plant 943 stores user management table 342. However, email authentication isolated plant 943 does not have to store user management table 342. In that case, importing WEB server 5 stores user management table 342. Then, in step ST123, email authentication isolated plant 943 need not judge whether the extracted user mail address 3413 is stored in addresses of items of mail 3422 of user management table 342. Instead, importing WEB server 5 judges whether the addresses of items of mail included in the request for the member webpage received from customer set up 10 is stored in user management table 342.
In the above embodiment, importing WEB server 5 trusts the addresses of items of mail included in the request for the member webpage received from customer set up 10, and sends the member webpage. However, the addresses of items of mail included in the request for the member webpage might be forged. Importing WEB server 5 can therefore confirm that the link source is email authentication isolated plant 943 by consulting the referer.
A variation of the 3rd embodiment of the present invention is described here. In the 3rd embodiment, email authentication isolated plant 943 generates the authentication request ID. However, importing WEB server 5 may generate the authentication request ID in place of email authentication isolated plant 943. In that case, importing WEB server 5 stores the generated authentication request ID. Next, importing WEB server 5 sends authentication website information that includes the generated authentication request ID to customer set up 10. Customer set up 10 extracts the authentication request ID from the received authentication website information, and then sends an authentication request that includes the extracted authentication request ID to email authentication isolated plant 943. Email authentication isolated plant 943 does not generate an authentication request ID, but receives the authentication request from customer set up 10. It then stores the authentication request ID included in the received authentication request in authentication with addresses of items of mail corresponding tables 341, in association with the authentication addresses of items of mail. Email authentication isolated plant 943 sends a webpage that includes the authentication request ID stored in authentication with addresses of items of mail corresponding tables 341 to customer set up 10 as the authentication result. Customer set up 10 receives the authentication result from email authentication isolated plant 943 and, according to the received authentication result, sends a request for the member webpage to importing WEB server 5. Here, customer set up 10 sends importing WEB server 5 a request for the member webpage that includes the authentication request ID. Importing WEB server 5 receives the request for the member webpage from customer set up 10. Next, importing WEB server 5 extracts the authentication request ID from the received request for the member webpage, and judges whether it has stored the extracted authentication request ID. When importing WEB server 5 has stored the authentication request ID, it sends the member webpage to customer set up 10. Conversely, when importing WEB server 5 has not stored the authentication request ID, it judges that the received request for the member webpage is forged. Importing WEB server 5 therefore does not send the member webpage. In addition, when email authentication isolated plant 943 is connected to a plurality of importing WEB servers 5, each importing WEB server 5 generates an authentication request ID that is unique within the individual authentication system. For example, importing WEB server 5 generates an authentication request ID that is unique within the individual authentication system by generating an authentication request ID that includes the unique identifier of that importing WEB server 5.
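The check that this variation places on importing WEB server 5 can be sketched as follows. This is an added example, not code from the patent: the class, the "reqid" parameter name and the ID format (server identifier plus random part) are assumptions. The bookkeeping inside email authentication isolated plant 943 is reduced to one function that returns the Return URL carrying the ID it received.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_ENDPOINT = "http://www.ninsho.jp/index.php"   # URL used in the text
ID_PARAM = "reqid"                                 # hypothetical parameter name


class ImportingWebServer:
    """Hypothetical model of importing WEB server 5 in the variation."""

    def __init__(self, server_id, return_url):
        self.server_id = server_id    # unique identifier of this importing WEB server
        self.return_url = return_url
        self.issued = set()           # authentication request IDs this server has stored

    def authentication_website_url(self):
        """Generate and store an ID, then build the URL placed in the login webpage."""
        # The server identifier makes the ID unique across all importing servers.
        request_id = f"{self.server_id}.{secrets.token_hex(16)}"
        self.issued.add(request_id)
        query = urlencode({"rurl": self.return_url, ID_PARAM: request_id})
        return f"{AUTH_ENDPOINT}?{query}"

    def handle_member_request(self, request_url):
        """Send the member webpage only if the request carries an ID stored here."""
        values = parse_qs(urlsplit(request_url).query).get(ID_PARAM, [])
        return len(values) == 1 and values[0] in self.issued


def plant_result_url(auth_request_url):
    """What plant 943 returns in the variation: the Return URL with the same ID."""
    query = parse_qs(urlsplit(auth_request_url).query)
    return query["rurl"][0] + "?" + urlencode({ID_PARAM: query[ID_PARAM][0]})
```

A request built only from a guessed mail address, in the form used by the unmodified 3rd embodiment, carries no stored ID and is refused.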
(the 4th embodiment)
The individual authentication system of the 4th embodiment is described below. Parts that duplicate the individual authentication system of the 3rd embodiment are given the same symbols, and their explanation is omitted.
In electronic commerce on the internet, credit cards are often used as the means of settlement. The 4th embodiment describes an example in which the individual authentication system of the 3rd embodiment is applied to credit card payment on the internet.
The schematic block diagram of the individual authentication system of the 4th embodiment is the same as that of the individual authentication system of the 3rd embodiment (Fig. 8), so a detailed explanation is omitted. Customer set up 10 is operated by a user who intends to make a credit card payment. Importing WEB server 5 is a WEB server that provides electronic commerce such as the sale of articles or services. Email authentication isolated plant 943 is a WEB device that handles the credit examination and charging of credit cards. User management table 342 of email authentication isolated plant 943 includes a credit card number (not illustrated). The credit card number included in the user management table is the user's credit card number. The credit card number is stored in user management table 342 in association with the e-mail address of the user who holds that credit card. Authentication with addresses of items of mail corresponding tables 341 of email authentication isolated plant 943 includes settlement amounts (not illustrated). The settlement amounts included in authentication with addresses of items of mail corresponding tables 341 is the amount of money to be paid by credit card.
An outline of the processing of the authenticating method of the 4th embodiment is described. Triggered by the user's operation, importing WEB server 5 determines the settlement amounts. The settlement amounts can be determined by the methods used in conventional e-commerce websites. Next, triggered by the user's operation, customer set up 10 sends a request for the clearing webpage, instead of a request for the login webpage, to importing WEB server 5. Importing WEB server 5 receives the request for the clearing webpage. Next, importing WEB server 5 generates the requested clearing webpage and sends it to customer set up 10. The clearing webpage generated by importing WEB server 5 includes authentication website information. The authentication website information includes not only the Return URL but also the settlement amounts. After receiving the clearing webpage, customer set up 10 sends an authentication request to email authentication isolated plant 943 according to the authentication website information included in that webpage. Email authentication isolated plant 943 receives the authentication request. Next, email authentication isolated plant 943 extracts the Return URL and the settlement amounts from the received authentication request. Email authentication isolated plant 943 then generates an authentication request ID and authentication addresses of items of mail. Next, email authentication isolated plant 943 stores the generated authentication request ID, the generated authentication addresses of items of mail, the extracted Return URL and the extracted settlement amounts in association with one another in authentication with addresses of items of mail corresponding tables 341. Email authentication isolated plant 943 then sends the generated authentication request ID and authentication addresses of items of mail to customer set up 10.
Customer set up 10 receives the authentication request ID and the authentication addresses of items of mail. Customer set up 10 then sends an Email to the authentication addresses of items of mail. Customer set up 10 thereby sends an Email to email authentication isolated plant 943. Email authentication isolated plant 943 receives the Email from customer set up 10 and obtains the transmission source and transmission destination addresses of items of mail from the received Email. Next, email authentication isolated plant 943 stores the obtained transmission source addresses of items of mail in authentication with addresses of items of mail corresponding tables 341, in association with the authentication request ID that corresponds to the obtained transmission destination addresses of items of mail. Meanwhile, customer set up 10 sends an authentication result request to email authentication isolated plant 943. Email authentication isolated plant 943 receives the authentication result request from customer set up 10 and extracts the authentication request ID from it. Next, email authentication isolated plant 943 extracts, from authentication with addresses of items of mail corresponding tables 341, the e-mail address and settlement amounts corresponding to the extracted authentication request ID, and then extracts from user management table 341 the credit card number corresponding to the extracted e-mail address. Email authentication isolated plant 943 then performs the credit examination, using the extracted credit card number to judge whether the extracted settlement amounts can be used. The credit examination here is the same as the existing credit examination performed when a credit card is used. If the result of the credit examination is good, email authentication isolated plant 943 charges the settlement amounts to the credit card. Email authentication isolated plant 943 may entrust the credit examination processing and the charging processing to a dedicated device.
After finishing the charging processing, email authentication isolated plant 943 judges the authentication result to be that authentication is possible, and sends the authentication result to customer set up 10. According to the received authentication result, customer set up 10 sends a request for the clearing end webpage to importing WEB server 5. Importing WEB server 5 receives the request for the clearing end webpage from customer set up 10 and extracts the user mail address from that request. Importing WEB server 5 then sends customer set up 10 the clearing end webpage corresponding to the extracted user mail address. The clearing end webpage includes the user's intrinsic information corresponding to the extracted addresses of items of mail.
As described above, the individual authentication system of the 3rd embodiment can be applied to credit card settlement. Although the 4th embodiment has been described for credit card payment, the means of settlement may be any means as long as settlement is made through authentication. For example, means of settlement include "Edy" (trade mark), "Jay Debit (ジェイデビット)" (trade mark) and "mobile phone payment service" (trade mark). "Edy" (trade mark) is electronic money that can be used in shops and on the internet. "Jay Debit" (trade mark) is a settlement service, usable in shops and on the internet, that withdraws from a deposit account. "Mobile phone payment service" (trade mark) is a deferred-payment settlement service, usable on the internet, in which the settlement amounts are included in the mobile phone bill.
A variation of the individual authentication system of the 4th embodiment is described here. The email authentication isolated plant 943 in the individual authentication system of the 4th embodiment determines the credit card number according to the transmission source of the Email. Consequently, when the transmission source of the Email is spoofed, settlement is made by the impersonating user. To prevent settlement by impersonation, the user inputs a credit card number into customer set up 10. Customer set up 10 sends the input credit card number to email authentication isolated plant 943. Customer set up 10 may send the input credit card number by including it in the authentication request or the authenticate-acknowledge request. After receiving the credit card number from customer set up 10, email authentication isolated plant 943 stores the received credit card number.
The outline of the variation is as follows. Importing WEB server 5 sends customer set up 10 a clearing webpage that includes an input field for the credit card number. The user of customer set up 10 inputs the credit card number in the credit card number input field of the clearing webpage. Input here is not limited to input by operating a keyboard or the like, but also includes having a card reader read the card. That is, any device may be used as long as customer set up 10 can obtain the credit card number. Customer set up 10 sends email authentication isolated plant 943 an authentication request that includes the input credit card number. After extracting the credit card number from the authentication request received from customer set up 10, email authentication isolated plant 943 stores the extracted credit card number in authentication with addresses of items of mail corresponding tables 341 in association with the authentication request ID. Meanwhile, email authentication isolated plant 943 receives the authentication result request from customer set up 10, and then extracts from user management table 342 the credit card number corresponding to the authentication request ID included in the received authentication result request. It thereby extracts the credit card number for settlement from user management table 342. Next, email authentication isolated plant 943 compares the extracted credit card number with the credit card number stored in authentication with addresses of items of mail corresponding tables 341. Only when the two credit card numbers match does email authentication isolated plant 943 perform the credit examination and charging for that credit card.
Alternatively, the following is also possible. Email authentication isolated plant 943 receives the authentication request from customer set up 10, and then sends customer set up 10 a webpage that includes the authentication addresses of items of mail. The webpage that includes the authentication addresses of items of mail also includes an input field for the credit card number. The user of customer set up 10 inputs the credit card number in the credit card number input field of that webpage. Customer set up 10 sends email authentication isolated plant 943 an authentication result request that includes the input credit card number. Email authentication isolated plant 943 receives the authentication result request from customer set up 10 as described above, and then extracts from user management table 342 the credit card number corresponding to the authentication request ID included in the received authentication result request. Email authentication isolated plant 943 thereby extracts the credit card number for settlement from user management table 342, and then compares the extracted credit card number with the credit card number included in the authentication result request. Only when the two credit card numbers match does email authentication isolated plant 943 perform the credit examination and charging for that credit card. In addition, in the variation of the 4th embodiment, the user may be made to input other information such as a password instead of the credit card number in order to prevent impersonation.
(the 5th embodiment)
The individual authentication system of the 5th embodiment is described below. Parts that duplicate the individual authentication system of the 1st embodiment are given the same symbols, and their explanation is omitted.
Figure 10 is a schematic block diagram of the individual authentication system of the 5th embodiment. The individual authentication system shown in Figure 10 comprises a plurality of ATMs (Automatic Teller Machines) 2010, a plurality of mobile phones 60 and ATM email authentication device 923. ATM2010 is an automatic teller machine operated by a user who intends to be authenticated and to withdraw or deposit cash. ATM2010 may be installed in an ordinary financial institution. ATM email authentication device 923 is connected to ATM2010 by network 9. Network 9 in the 5th embodiment is an internal network. Network 9 may include a relay device that oversees the ATM email authentication devices installed in a plurality of financial institutions. In addition, ATM email authentication device 923 is connected to mobile phone 60 by internet 1. The configuration of ATM email authentication device 923 is the same as that of the email authentication device 3 (Fig. 3) in the individual authentication system of the 1st embodiment, so its explanation is omitted. Although Figure 10 shows two ATM2010, the individual authentication system may comprise any number of them. Likewise, two mobile phones 60 are illustrated, but the individual authentication system may comprise any number of them. The individual authentication system may also comprise any terminal that has an Email sending function in place of mobile phone 60. Physically, ATM2010 comprises a transceiver part, a central processing unit, main storage means, an auxiliary unit, input media, a display device, a cash handling part and so on. The cash handling part physically manages bank notes and currency, and deposits and withdraws bank notes and currency. Apart from the cash handling part, the functions of ATM2010 are the same as those of the customer set up 10 in the individual authentication system of the 1st embodiment, so their explanation is omitted.
Mobile phone 60 has an Internet connection function. Mobile phone 60 therefore sends an Email to ATM email authentication device 923 through network 1.
The functional configuration of ATM email authentication device 923 of the 5th embodiment is the same as that of the email authentication device 3 (Fig. 4) in the individual authentication system of the 1st embodiment, so its explanation is omitted.
In addition, user's intrinsic information is stored, in association with the user ID, in user management table 342 held in the auxiliary unit of ATM email authentication device 923. User's intrinsic information in the present embodiment is the account information of a financial institution. The account information of the financial institution includes the account number, the balance of deposits, the loan balance, the amount that can be borrowed and so on. However, user's intrinsic information need not necessarily be managed in user management table 342; any method may be used as long as the information is managed in association with the user ID. Part of the user's intrinsic information corresponding to the user ID is included in the authentication result sent from ATM email authentication device 923 to ATM2010.
Next, the authenticating method of the 5th embodiment is described. The processing of the authenticating method of the 5th embodiment is the same as that of the authenticating method of the 1st embodiment (Fig. 7), so its explanation is omitted. Here, however, the steps characteristic of the authenticating method of the 5th embodiment are described.
ST118 in the 5th embodiment is described. The device that is the transmission source of the Email is not ATM2010 but mobile phone 60, which serves as the 2nd customer set up. Triggered by the user's operation, mobile phone 60 sends an Email to ATM email authentication device 923.
ST124 in the 5th embodiment is described. Authentication result sending module 339 of ATM email authentication device 923 sends the authentication result to ATM2010 through network 9. The authentication result, however, includes user's intrinsic information corresponding to the user ID, such as the account number, the balance of deposits, the loan balance or the debit balance volume.
After ST124, ATM2010 displays on the display device the authentication result and user's intrinsic information received from ATM email authentication device 923. The user of ATM2010 carries out subsequent operations according to the displayed information. Subsequent operations are, for example, withdrawal of deposits, borrowing, and repayment of borrowing.
However, a general ATM can accept various operations such as withdrawal of deposits, borrowing, and repayment of borrowing. So, before ST111, ATM2010 receives the kind of operation from the user. ATM2010 includes the kind of operation desired by the user in the authentication request sent to ATM email authentication device 923. ATM email authentication device 923 extracts the kind of operation desired by the user of ATM2010 from the authentication request received from ATM2010, and then decides, according to the extracted kind of operation, the user's intrinsic information to include in the authentication result.
The following process is also possible. A general ATM can accept various operations such as withdrawal of deposits, borrowing, and repayment of borrowing. Here, ATM email authentication device 923 may store in advance, in association with the user ID, the operations that are accepted from the user of ATM2010. In this case, ATM2010 does not receive the kind of operation from the user before sending the authentication request. First, ATM2010 is authenticated using the authenticating method of the 5th embodiment. ATM email authentication device 923 includes in the authentication result the acceptable operations corresponding to the authenticated user ID, and sends it to ATM2010. ATM2010 displays on the display device the authentication result and the acceptable operations received from ATM email authentication device 923. The user of ATM2010 selects an operation from the kinds of operation displayed on the display device of ATM2010. ATM2010 then carries out the selected kind of operation.
In addition, the authenticating method of the 5th embodiment can be combined with the existing authenticating method that uses a cash card and a password. Then, even if the cash card and the password are stolen, an impersonating user cannot withdraw money from the bank unless an Email is sent from the user's addresses of items of mail. The authenticating method of the 5th embodiment can also be combined with personal authentication that uses only one of the cash card and the password.
A variation of the 5th embodiment of the present invention is described here. In the 5th embodiment, ATM email authentication device 923 generates the authentication request ID and then sends it to ATM2010. In the variation, however, ATM2010 may send ATM email authentication device 923 an authentication request that includes its own ATM_ID. ATM_ID is the unique identifier of ATM2010. ATM email authentication device 923 then extracts the ATM_ID from the authentication request and stores the extracted ATM_ID in association with the authentication addresses of items of mail. In this case, authentication with addresses of items of mail corresponding tables 341 includes ATM_ID in place of authentication request ID3411. In addition, ATM2010 cannot send a different authentication request to ATM email authentication device 923 until the processing of one authentication request has finished. The correspondence between ATM_ID and authentication addresses of items of mail is therefore one-to-one. After receiving an Email from mobile phone 60, ATM email authentication device 923 determines the ATM_ID corresponding to the transmission destination addresses of items of mail of the received Email. ATM email authentication device 923 then sends the authentication result to the ATM2010 identified by the determined ATM_ID. That is, ATM email authentication device 923 can send the authentication result even without receiving an authentication result request from ATM2010.
The example application of the 5th embodiment of the present invention here, is described.The ATM email authentication device 923 that is possessed in the individual authentication system of the example application of the 5th embodiment has the device that calculates common cost concurrently.In this case, after ATM email authentication device 923 calculates common cost, send bill, the managing payment situation.For example, common cost has telephone charge, cell-phone fee, the electricity charge, gas charge and water rate etc.ATM email authentication device 923 is stored the addresses of items of mail of mobile phone 60 accordingly with the user identifier of accepting the service of common cost.ATM email authentication device 923 lends when loan the user to ATM2010, loan is aggregated in the common cost request asks.And ATM email authentication device 923 receives the Payment Request of common cost from the user of ATM2010.When ATM email authentication device 923 has authenticated the user of ATM2010 as mentioned above, accept the user's of mobile phone 60 the payment of unpaid common cost from ATM2010.And, the request that ATM email authentication device 923 is accepted to provide a loan and lent from the user of ATM2010.After ATM email authentication device 923 has authenticated the user of ATM2010 as mentioned above, lend loan from ATM2010.In addition, ATM email authentication device 923 will add up to loan in the request of common cost, ask.
In addition, in the 5th embodiment of the present invention, unduplicated authentication can be distributed to all ATM2010 respectively in advance with addresses of items of mail.In this case, ATM2010 is constant with the corresponding relation of addresses of items of mail with authentication, and is stored in authentication in advance with in the addresses of items of mail corresponding tables 341 etc.And ATM email authentication device 923 can be according to the addresses of items of mail that sends the destination, determines the ATM2010 in transmission source of user's authentication request.
(the 6th embodiment)
The individual authentication system of the 6th embodiment is described below. Parts that duplicate the individual authentication systems of the 1st and 5th embodiments are given the same reference numerals and their description is omitted.
As the individual authentication system of the 6th embodiment, an embodiment in which the individual authentication system of the 1st embodiment is applied to credit card payment in a shop is described. Conventionally, in credit card payment in a shop, the sales clerk visually compares the signature on the sales slip with the signature on the back of the credit card in order to prevent use by an impostor. Visual comparison, however, cannot fully prevent impersonation. The individual authentication system of the 6th embodiment is described as an embodiment that uses e-mail in place of signature comparison.
Figure 11 is a schematic configuration diagram of the individual authentication system of the 6th embodiment. The individual authentication system shown in Figure 11 includes a plurality of reading devices 2110, a plurality of mobile phones 60 and an email authentication device 3. The reading devices 2110 are connected to the email authentication device 3 via the network 9. The email authentication device 3 is connected to the mobile phones 60 via the Internet 1. The reading device 2110 is a device for reading credit card information; any general credit card reader will do. Normally, a sales clerk operates the reading device 2110 in the shop. However, the user who is authenticated in the individual authentication system of the 6th embodiment is the owner of the credit card. Therefore, to keep the explanation simple, the description of this embodiment treats the user of the reading device 2110 as the owner of the credit card. The email authentication device 3 is the same as the email authentication device 3 (Fig. 3) provided in the individual authentication system of the 1st embodiment, so its description is omitted. Although Figure 11 shows two reading devices 2110, the individual authentication system may include any number of them. Likewise, although Figure 11 shows two mobile phones 60, the individual authentication system may include any number of them. Physically, the reading device 2110 includes a transceiver unit, a central processing unit, a main storage device, an auxiliary storage device, an input device, a display device, a card information reading unit and so on. The card information reading unit reads the information stored on the credit card. The functions of the reading device 2110 are largely the same as those of the client device 10 provided in the individual authentication system of the 1st embodiment. In addition, the reading device 2110 accepts a credit card number and a settlement amount through the user's operation. The reading device 2110 includes the accepted credit card number and settlement amount in the authentication request sent to the email authentication device 3.
The email authentication device 3 of the 6th embodiment has the following functions in addition to those of the email authentication device 3 provided in the individual authentication system of the 1st embodiment. The email authentication device 3 of the 6th embodiment processes the credit check and the charge for the credit card. The user management table 342 of the email authentication device 3 contains a credit card number (not shown). The credit card number contained in the user management table 342 is the number of the credit card held by the user. That is, the credit card number and the user's e-mail address are stored in advance in association with each other in the user management table 342. In addition, the authentication mail address correspondence table 341 of the email authentication device 3 contains a settlement amount (not shown) and a credit card number (not shown). The settlement amount contained in the authentication mail address correspondence table 341 is the amount to be paid by credit card. The credit card number contained in the authentication mail address correspondence table 341 is the number of the credit card to be used for the settlement.
Next, an outline of the processing of the authentication method of the 6th embodiment is described with reference to Fig. 7. Note that the device that sends the e-mail is not the reading device 2110 but the mobile phone 60 serving as the second client device.
The reading device 2110 accepts a settlement amount from the user. The card information reading unit of the reading device 2110 reads the credit card number when the user operates the card. The reading device 2110 then sends the accepted settlement amount and the read credit card number to the email authentication device 3 (ST111). The email authentication device 3 receives the authentication request (ST112). It then extracts the settlement amount and the credit card number from the received authentication request and generates an authentication request ID and an authentication mail address (ST113, ST114). Next, the email authentication device 3 stores the generated authentication request ID, the generated authentication mail address, the extracted settlement amount and the extracted credit card number in association with one another in the authentication mail address correspondence table 341 (ST115). Next, the email authentication device 3 sends the generated authentication request ID and the generated authentication mail address to the reading device 2110 (ST116).
The reading device 2110 receives the authentication request ID and the authentication mail address (ST117) and then displays the received authentication mail address on its display device. Instead of displaying the authentication mail address, the reading device 2110 may print a sheet of paper bearing the authentication mail address. That is, any method may be used as long as the reading device 2110 can notify the user of the authentication mail address. The reading device 2110 may also display or print a QR code or the like corresponding to the authentication mail address. Triggered by the user's operation, the mobile phone 60 sends an e-mail to the displayed authentication mail address (ST118). The email authentication device 3 then receives the e-mail from the mobile phone 60 (ST119). Next, the email authentication device 3 obtains the source mail address and the destination mail address from the received e-mail. Then, based on the obtained destination mail address, the email authentication device 3 stores the obtained source mail address in association with the authentication request ID in the authentication mail address correspondence table 341 (ST120). Specifically, the email authentication device 3 selects from the authentication mail address correspondence table 341 the record whose authentication mail address 3412 matches the obtained destination mail address. Next, the email authentication device 3 stores the obtained source mail address in the user mail address 3413 of the selected record.
Meanwhile, the reading device 2110 sends an authentication result request to the email authentication device 3 (ST121). The email authentication device 3 receives the authentication result request from the reading device 2110 (ST122) and extracts the authentication request ID from it. The email authentication device 3 then extracts from the authentication mail address correspondence table 341 the user mail address, settlement amount and credit card number stored in association with the extracted authentication request ID (ST123). Specifically, the email authentication device 3 selects from the authentication mail address correspondence table 341 the record whose authentication request ID 3411 matches the extracted authentication request ID. Next, it extracts the user mail address 3413, the settlement amount and the credit card number from the selected record. It then selects from the user management table 342 the record whose mail address 3422 matches the extracted user mail address 3413, and extracts the credit card number from the selected record. The email authentication device 3 then compares the credit card number extracted from the authentication mail address correspondence table 341 with the credit card number extracted from the user management table 342. When the two extracted credit card numbers do not match, the email authentication device 3 determines that authentication is not possible. Conversely, when the two extracted credit card numbers match, the email authentication device 3 performs a credit check to judge whether the extracted settlement amount can be used. The credit check is the same as the existing check performed when a credit card is used. If the credit check is passed, the email authentication device 3 charges the settlement amount to the credit card. The email authentication device 3 may also entrust the credit check and the charge processing to a dedicated device. In this case, the email authentication device 3 is connected via a network to the dedicated device that performs the credit check and the charge. After the charge processing is completed, the email authentication device 3 determines that authentication is possible. The email authentication device 3 sends the authentication result to the reading device 2110 (ST124). The reading device 2110 receives the authentication result (ST125) and then displays it on its display device.
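The ST111 to ST125 exchange of the 6th embodiment can be modelled in a few lines. This is an added sketch, not code from the patent: the class and method names, the `auth.example.test` domain, the "pending" status, the first-mail-wins rule and the release of a record after one answer are assumptions, and the credit check is a stand-in callable.

```python
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

AUTH_DOMAIN = "auth.example.test"  # assumed domain received by the authentication device


@dataclass
class Record:
    """One row of the authentication mail address correspondence table 341."""
    request_id: str
    auth_address: str
    amount: int
    card_number: str
    user_address: Optional[str] = None  # user mail address 3413, set at ST120


class EmailAuthDevice:
    def __init__(self, user_table: Dict[str, str],
                 credit_check: Callable[[str, int], bool]):
        # User management table 342: user mail address -> registered card number.
        self.user_table = {k.lower(): v for k, v in user_table.items()}
        self.credit_check = credit_check  # stand-in for the existing credit check
        self.by_id: Dict[str, Record] = {}
        self.by_address: Dict[str, Record] = {}
        self.charges: List[Tuple[str, int]] = []

    def handle_auth_request(self, card_number: str, amount: int) -> Tuple[str, str]:
        """ST112-ST116: allocate an ID and a mail address no open request uses."""
        request_id = secrets.token_hex(8)
        while True:
            auth_address = f"{secrets.token_hex(8)}@{AUTH_DOMAIN}"
            if auth_address not in self.by_address:
                break
        rec = Record(request_id, auth_address, amount, card_number)
        self.by_id[request_id] = rec
        self.by_address[auth_address] = rec
        return request_id, auth_address

    def handle_email(self, sender: str, recipient: str) -> bool:
        """ST119-ST120: bind the source address to the request owning the destination."""
        rec = self.by_address.get(recipient.lower())
        if rec is None or rec.user_address is not None:
            return False  # unknown address, or already bound (assumption: first mail wins)
        rec.user_address = sender.lower()
        return True

    def handle_result_request(self, request_id: str) -> str:
        """ST122-ST124: compare the two card numbers, then credit check and charge."""
        rec = self.by_id.get(request_id)
        if rec is None:
            return "unknown request"
        if rec.user_address is None:
            return "pending"  # assumption: no e-mail yet, the request stays open
        # Assumption: a request is answered once, then its address is released.
        del self.by_id[rec.request_id]
        del self.by_address[rec.auth_address]
        registered = self.user_table.get(rec.user_address)
        if registered is None or registered != rec.card_number:
            return "cannot authenticate"
        if not self.credit_check(rec.card_number, rec.amount):
            return "credit check failed"
        self.charges.append((rec.card_number, rec.amount))
        return "authenticated"


def run_demo() -> List[str]:
    """Constructed data: the card owner pays, then another registered user presents the same card."""
    users = {"owner@carrier.example": "4000000000000002",
             "other@carrier.example": "4000000000000010"}
    device = EmailAuthDevice(users, lambda card, amount: amount <= 50_000)
    results = []
    for sender in ("owner@carrier.example", "other@carrier.example"):
        request_id, address = device.handle_auth_request("4000000000000002", 12_000)
        device.handle_email(sender, address)
        results.append(device.handle_result_request(request_id))
    return results


if __name__ == "__main__":
    print(run_demo())
```

The decision depends only on the source address the mail system reports for the received e-mail, so the sketch takes `sender` as an already-parsed input.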
As described above, in the individual authentication system of the 6th embodiment, an e-mail address can be used in place of signature comparison when paying by credit card in a shop. Although the 6th embodiment has been described for credit card payment, the means of settlement is not limited to credit cards and may be any means that settles after authentication. One example of such a means of settlement is J-Debit (trademark).
In the embodiment described above, the authentication request sent by the reading device 2110 contains the credit card number. The following is also possible. The reading device 2110 may include the credit card number in the authentication result request rather than in the authentication request. In this case, the authentication mail address correspondence table 341 of the email authentication device 3 need not contain the credit card number. The reading device 2110 sends the authentication result request to the email authentication device 3. The email authentication device 3 receives the authentication result request from the reading device 2110 and then extracts the authentication request ID from it. Next, the email authentication device 3 selects from the authentication mail address correspondence table 341 the record whose authentication request ID 3411 matches the extracted authentication request ID, and then extracts the user mail address 3413 and the settlement amount from the selected record. The email authentication device 3 then selects from the user management table 342 the record whose mail address 3422 matches the extracted user mail address 3413, and extracts the credit card number from the selected record. The email authentication device 3 then compares the credit card number extracted from the user management table 342 with the credit card number contained in the authentication result request. When the two credit card numbers match, the email authentication device 3 performs the credit check and the charge.
Next, a modified example of the 6th embodiment of the present invention is described. In the individual authentication system of the 6th embodiment, the reading device 2110 reads the credit card information. The modified example of the 6th embodiment, however, describes an embodiment in which credit card payment can be made without the reading device 2110 reading credit card information. That is, the user can pay by credit card in the shop without physically carrying the credit card.
The authentication request sent by the reading device 2110 of the modified example of the 6th embodiment does not contain a credit card number. Likewise, the authentication mail address correspondence table 341 of the email authentication device 3 of the modified example of the 6th embodiment does not contain a credit card number.
An outline of the processing of the modified example of the 6th embodiment is described. Triggered by the user's operation, the reading device 2110 sends an authentication request to the email authentication device 3. The email authentication device 3 receives the authentication request and then extracts the settlement amount from it. Next, the email authentication device 3 generates an authentication request ID and an authentication mail address, and then stores the generated authentication request ID, the generated authentication mail address and the extracted settlement amount in association with one another in the authentication mail address correspondence table 341. Next, the email authentication device 3 sends the generated authentication request ID and the generated authentication mail address to the reading device 2110. The reading device 2110 receives the authentication request ID and the authentication mail address, and displays the received authentication mail address on its display device. Triggered by the user's operation, the mobile phone 60 sends an e-mail to the displayed authentication mail address. The email authentication device 3 receives the e-mail from the mobile phone 60. The email authentication device 3 then obtains the source mail address and the destination mail address from the received e-mail. Next, based on the obtained destination mail address, the email authentication device 3 stores the obtained source mail address in association with the authentication request ID in the authentication mail address correspondence table 341. Specifically, the email authentication device 3 selects from the authentication mail address correspondence table 341 the record whose authentication mail address 3412 matches the obtained destination mail address. Next, the email authentication device 3 stores the obtained source mail address in the user mail address 3413 of the selected record.
Meanwhile, the reading device 2110 sends an authentication result request to the email authentication device 3. The email authentication device 3 receives the authentication result request from the reading device 2110 and extracts the authentication request ID from it. Next, the email authentication device 3 selects from the authentication mail address correspondence table 341 the record whose authentication request ID 3411 matches the extracted authentication request ID. The email authentication device 3 then extracts the user mail address 3413 and the settlement amount from the selected record, selects from the user management table 342 the record whose mail address 3422 matches the extracted user mail address 3413, and extracts the credit card number from the selected record. The email authentication device 3 then performs a credit check on the extracted credit card number. The credit check is the existing check performed when a credit card is used. If the credit check is passed, the email authentication device 3 charges the settlement amount to the credit card. The email authentication device 3 may also entrust the credit check and the charge processing to a dedicated device. In this case, the email authentication device 3 is connected via a network to the dedicated device that performs the credit check and the charge. After the charge processing is completed, the email authentication device 3 determines that authentication is possible. The email authentication device 3 sends the authentication result to the reading device 2110. The reading device 2110 receives the authentication result and displays it on its display device.
As described above, in the modified example of the 6th embodiment, credit card payment can be made in the shop even if the user does not physically have the credit card.
Here, an application example of the modified example of the 6th embodiment of the present invention is described. The email authentication device 3 provided in the individual authentication system of the application example of the modified example of the 6th embodiment also serves as a device that calculates public utility charges. That is, the email authentication device 3 calculates the public utility charges, issues bills and manages the payment status. Public utility charges include, for example, telephone charges, mobile phone charges, electricity charges, gas charges and water charges. In the 6th embodiment, the user management table 342 of the email authentication device 3 stores the e-mail address of the mobile phone 60 and the credit card number in association with each other. In the application example of the modified example of the 6th embodiment, the user management table 342 of the email authentication device 3 stores the correspondence between the e-mail address of the mobile phone 60 and the identifier of the user who receives the public utility service. The email authentication device 3 adds the settlement amount in the shop to the public utility charges instead of charging the credit card. The user of the reading device 2110 can complete payment in the shop merely by having the mobile phone 60.
(the 7th embodiment)
Below, as the individual authentication system of the 7th embodiment, an example is described in which, in the individual authentication system of the 1st embodiment, a personal computer or PDA is connected to an internal company network. Parts that duplicate the individual authentication system of the 1st embodiment are given the same reference numerals.
Most enterprises set up an internal company network in order to keep internal company information confidential while also promoting the exchange of information among employees. For purposes such as viewing or updating internal company information and sending and receiving e-mail from outside the company, an employee connects a mobile terminal such as a personal computer or PDA to the internal company network by a means of communication such as dial-up or VPN. Conventionally, the employee connected to the internal company network after entering a user ID and password. In this embodiment, the user of the personal computer or PDA connects the mobile terminal to the internal company network after being authenticated by the authentication method of the 1st embodiment. In this case, the client device 10 is the mobile terminal that is to be connected to the internal company network, and the email authentication device 3 is the management server that manages the internal company network. The employee can connect to the internal company network without entering a user ID and password. In addition, security can be further improved by sending the e-mail to the email authentication device 3 from a second client device different from the mobile terminal. In this case, a user who intends to connect the mobile terminal to the internal company network cannot be personally authenticated without having both the mobile terminal and the second client device that can send an e-mail with the user's mail address as its source. Therefore, another person who has obtained only the mobile terminal cannot be authenticated even by posing as the user of that mobile terminal. That is, even if the mobile terminal is lost, leakage of information can be prevented.
(the 8th embodiment)
Below, as the individual authentication system of the 8th embodiment, an example is described in which, in the individual authentication system of the 1st embodiment, a thin client is connected to an internal company network. Parts that duplicate the individual authentication system of the 1st embodiment are given the same reference numerals.
A thin client is a personal computer equipped with only the minimum necessary auxiliary storage device. Enterprises introduce thin client systems to prevent the leakage of information caused by theft or loss of a personal computer. The auxiliary storage device of the thin client device does not store the company's internal data or application software. The internal data and application software are stored by a centralized server. An employee operates the thin client device and, after connecting to the centralized server, views and updates the internal data. Conventionally, the employee connected to the centralized server after entering a user ID and password. In this embodiment, the user of the thin client device connects the thin client device to the internal company network after being authenticated by the authentication method of the 1st embodiment. In this case, the client device 10 is the thin client device that is to be connected to the centralized server. The email authentication device 3 is the management server that manages the connection between the thin client device and the server. The management server may be included in the centralized server. The employee can connect the thin client device to the centralized server without entering a user ID and password.
(the 9th embodiment)
Below, as the individual authentication system of the 9th embodiment, an example is described in which, in the individual authentication system of the 1st embodiment, a personal computer or PDA is connected to a public wireless LAN. Parts that duplicate the individual authentication system of the 1st embodiment are given the same reference numerals.
Public wireless LANs that provide a connection to the Internet outside the company have become widespread. Conventionally, the user of a public wireless LAN connected a mobile terminal such as a personal computer or PDA to an access point of the public wireless LAN after entering a user ID and password. In this embodiment, the user of the public wireless LAN connects the mobile terminal to the access point after being authenticated by the authentication method of the 1st embodiment. In this case, the client device 10 is the mobile terminal that is to be connected to the access point. The email authentication device 3 is the management server that manages the connection between the mobile terminal and the access point. The user of the public wireless LAN can connect to the access point without entering a user ID and password.
(the 10th embodiment)
The individual authentication system of the 10th embodiment is described below. Parts that duplicate the individual authentication system of the 1st embodiment are given the same reference numerals and their description is omitted.
The individual authentication system of the 10th embodiment uses a client ID, which is the identifier of the client device 10, in place of the authentication request ID. The individual authentication system of the 10th embodiment can be applied to any of the individual authentication systems of the 1st to 9th and 11th to 14th embodiments. Here, the case in which it is applied to the authentication system of the 1st embodiment is described.
The individual authentication system of the 10th embodiment is the same as the individual authentication system of the 1st embodiment (Fig. 1) except for the authentication mail address correspondence table (Fig. 5) stored in the email authentication device 3.
Figure 12 is a configuration diagram of the authentication mail address correspondence table 20341 stored in the auxiliary storage device of the email authentication device 3 of the 10th embodiment. The authentication mail address correspondence table 20341 contains a client ID 203411, an authentication mail address 3412 and a user mail address 3413. The authentication mail address 3412 and the user mail address 3413 are the same as those contained in the authentication mail address correspondence table (Fig. 5) of the 1st embodiment, so their description is omitted. The client ID 203411 is a unique identifier of a client device 10 provided in the individual authentication system. The client ID 203411 stores the client ID contained in the authentication request sent from the client device 10.
Next, the processing of the individual authentication system of the 10th embodiment is described. Description of the processing that is the same as in the 1st embodiment is omitted. The client device 10 sends an authentication request that contains its own client ID. The email authentication device 3 then assigns an authentication mail address to the client ID contained in the received authentication request. The email authentication device 3 then stores, in the authentication mail address correspondence table 20341, the correspondence between the client ID contained in the received authentication request and the authentication mail address assigned to that client ID. Specifically, the email authentication device 3 newly generates a mail address at which the email authentication device 3 can receive mail. Next, the email authentication device 3 creates a new record in the authentication mail address correspondence table 20341 and stores the client ID contained in the received authentication request in the client ID 203411 of the new record. The email authentication device 3 also stores the generated authentication mail address in the authentication mail address 3412 of the new record.
Next, the email authentication device 3 sends the generated authentication mail address to the client device 10 via the network 9. The client device 10 receives the authentication mail address from the email authentication device 3 and then displays the received authentication mail address on its display device.
Triggered by the user's operation, the client device 10 sends an e-mail to the displayed authentication mail address. The email authentication device 3 then receives this e-mail from the client device 10 and obtains the source mail address and the destination mail address from it. The email authentication device 3 then selects from the authentication mail address correspondence table 20341 the record whose authentication mail address 3412 matches the obtained destination mail address, and extracts the client ID 203411 from the selected record. Next, the email authentication device 3 selects from the user management table 342 the record whose mail address 3422 matches the obtained source mail address, and extracts the user ID 3421 from the selected record. The email authentication device 3 then judges that the authentication request sent from the client device 10 identified by the extracted client ID 203411 is an authentication request from the user identified by the extracted user ID 3421. The email authentication device 3 then judges whether to authenticate the user identified by the extracted user ID 3421 and sends the authentication result to the client device 10 identified by the extracted client ID 203411. At this time, the email authentication device 3 can send the authentication result to the client device 10 even without receiving an authentication result request.
The following is also possible. The email authentication device 3 receives an e-mail from the client device 10 and then obtains the source mail address and the destination mail address from it. The email authentication device 3 then selects from the authentication mail address correspondence table 20341 the record whose authentication mail address 3412 matches the obtained destination mail address, and stores the obtained source mail address in the user mail address 3413 of the selected record.
Meanwhile, client device 10 sends an authentication result request containing its own client ID to email authentication device 3. From the authentication mail address correspondence table 20341, email authentication device 3 selects the record whose client ID 203411 matches the client ID contained in the authentication result request, and extracts user mail address 3413 from that record. As in the 1st embodiment, email authentication device 3 then decides the authentication result from the extracted user mail address 3413. Specifically, if no user mail address 3413 can be extracted, it judges that authentication is not possible. If a user mail address 3413 can be extracted, it selects from user management table 342 (Fig. 6) the record whose mail address 3422 matches the extracted user mail address 3413. If no record with a matching mail address can be extracted, it judges that authentication is not possible. Conversely, if a record with a matching mail address can be extracted, it judges that authentication is possible. Email authentication device 3 can thereby determine the user who originated the authentication request. Specifically, it extracts user ID 3421 from the selected record and determines that the originator of the authentication request sent from the client device 10 identified by the client ID in the authentication result request is the user identified by the extracted user ID 3421. Email authentication device 3 may include in the authentication result the user-specific information corresponding to the extracted user ID 3421. It then sends the authentication result via network 9 to the client device 10 identified by the client ID contained in the authentication result request. All other processing of the 10th embodiment is the same as in the 1st embodiment, so its explanation is omitted. In this embodiment, SIP-based communication can be used in place of email.
Furthermore, in the 10th embodiment of the present invention, a distinct authentication mail address may be assigned in advance to each client device 10. In this case the correspondence between client device 10 and authentication mail address is fixed and is stored in advance in the authentication mail address correspondence table 20341 or the like. Email authentication device 3 can then determine, from the destination mail address, the client device 10 from which the user's authentication request originated.
(the 11st embodiment)
Below the individual authentication system of the 11st embodiment is described, still, the place with the individual authentication system of the 1st embodiment repeats will utilize same symbol to omit explanation.
In the individual authentication system of the 11st embodiment, authentication request ID is omitted.In addition, the individual authentication system of the 11st embodiment goes for any one in the the the 1st~the 10th and the 12nd~the 14th individual authentication system.Here, the situation for the individual authentication system that is applicable to the 1st embodiment describes.
The email authentication device 3 of the 11st embodiment except authentication with the addresses of items of mail corresponding tables 341, identical with the email authentication device that is possessed in the individual authentication system of the 1st embodiment, so omit explanation.
Figure 13 is stored in authentication in the auxilary unit 34 of email authentication device 3 of the 11st embodiment with the pie graph of addresses of items of mail corresponding tables 341.The authentication of the 11st embodiment is with addresses of items of mail corresponding tables 341, and is except authentication request ID3411 is omitted this point, identical with the addresses of items of mail corresponding tables (Fig. 5) of the 1st embodiment.
Next, utilize figure that the processing of the authenticating method of the 11st embodiment is described.Figure 14 is the sequence chart of processing of the authenticating method of the 11st embodiment.
Triggered by the user's operation, client device 10 sends an authentication mail address acquisition request to email authentication device 3 via network 9 (ST111).
Email authentication device 3 receives the authentication mail address acquisition request from client device 10 (ST112) and then generates an authentication mail address (ST114).
Next, email authentication device 3 sends the generated authentication mail address to client device 10 via network 9 (ST20116).
Client device 10 receives the authentication mail address from email authentication device 3 (ST20117).
Triggered by the user's operation, client device 10 sends an email to the authentication mail address via network 9 (ST118).
Email authentication device 3 receives the email from client device 10 (ST119) and obtains the source and destination mail addresses from it. It then creates a new record in the authentication mail address correspondence table 341 and stores the obtained destination mail address in authentication mail address 3412 of the new record. It then stores the obtained source mail address in user mail address 3413 of the new record (ST20120).
Meanwhile, client device 10 sends an authentication request containing the received authentication mail address to email authentication device 3 via network 9 (ST20121). Client device 10 may send the authentication request when triggered by the user's operation, or at fixed intervals.
Email authentication device 3 receives the authentication request from client device 10 (ST20122) and obtains the authentication mail address from it. Next, from the authentication mail address correspondence table 341, it selects the record whose authentication mail address 3412 matches the obtained authentication mail address, and extracts user mail address 3413 from the selected record. If no user mail address 3413 can be extracted, it judges that authentication is not possible. Otherwise, it selects from user management table 342 (Fig. 6) the record whose mail address 3422 matches the extracted user mail address 3413 (ST20123). If no record with a matching mail address can be extracted from user management table 342, it judges that authentication is not possible.
Conversely, if a record with a matching mail address can be selected, email authentication device 3 judges that authentication is possible. It can thereby determine the user who originated the authentication request. Specifically, it extracts user ID 3421 from the selected record and determines that the originator of the received authentication request is the user identified by the extracted user ID 3421.
Next, email authentication device 3 sends the authentication result to client device 10 via network 9 (ST124). It may send the user-specific information corresponding to the extracted user ID 3421 to client device 10 together with the authentication result.
Client device 10 then receives the authentication result from email authentication device 3 (ST125).
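The exchange ST111 to ST125 above, as an added sketch in JavaScript that is not code from the patent. The table lookups and the two failure cases follow the description; the class and method names, the sample addresses, and the rules that only issued addresses create records and that the first email to an address wins are assumptions of this example. The sender address is used as received, as the description states.

```javascript
// Added illustration of the 11th-embodiment exchange (ST111 to ST125).
// Class, method and field names are hypothetical; sample data is constructed.

// Web Crypto is global in browsers and current Node; older Node exposes it via node:crypto.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

class MailAuthDevice {
  constructor(domain, users) {
    this.domain = domain;
    // User management table 342: mail address 3422 -> user ID 3421.
    this.userTable = new Map(users.map((u) => [u.mail.toLowerCase(), u.userId]));
    // Correspondence table 341 without an authentication request ID:
    // authentication mail address 3412 -> user mail address 3413.
    this.authTable = new Map();
    // Assumption of this example: remember which addresses were handed out,
    // so that mail sent to any other address creates no record.
    this.issued = new Set();
  }

  // ST112, ST114, ST20116: generate an unused authentication mail address and return it.
  issueAuthAddress() {
    let address;
    do {
      const bytes = webcrypto.getRandomValues(new Uint8Array(10));
      const local = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
      address = `${local}@${this.domain}`;
    } while (this.issued.has(address));
    this.issued.add(address);
    return address;
  }

  // ST119, ST20120: store destination (3412) and source (3413) of a received email.
  receiveMail({ from, to }) {
    const dest = to.toLowerCase();
    if (!this.issued.has(dest)) return false;
    // Assumption: the first email to an address wins; later ones do not overwrite it.
    if (this.authTable.has(dest)) return false;
    this.authTable.set(dest, from.toLowerCase());
    return true;
  }

  // ST20122 to ST124: resolve an authentication request that carries the address.
  authenticate(authAddress) {
    const userMail = this.authTable.get(authAddress.toLowerCase());
    if (userMail === undefined) {
      return { authenticated: false, reason: "no email received for this address" };
    }
    const userId = this.userTable.get(userMail);
    if (userId === undefined) {
      return { authenticated: false, reason: "sender is not in the user management table" };
    }
    return { authenticated: true, userId };
  }
}

function runDemo() {
  const device = new MailAuthDevice("auth.example.test", [
    { userId: "U001", mail: "alice@example.test" }, // constructed sample user
  ]);

  // Registered user: polling before the email arrives fails, afterwards it succeeds.
  const addrA = device.issueAuthAddress();
  const beforeMail = device.authenticate(addrA);
  device.receiveMail({ from: "Alice@example.test", to: addrA });
  const afterMail = device.authenticate(addrA);

  // Email from a sender that is not in user management table 342.
  const addrB = device.issueAuthAddress();
  device.receiveMail({ from: "unregistered@example.test", to: addrB });
  const unknownSender = device.authenticate(addrB);

  // Email to an address the device never issued creates no record.
  const strayMail = device.receiveMail({
    from: "alice@example.test",
    to: "guess@auth.example.test",
  });

  return { addrA, addrB, beforeMail, afterMail, unknownSender, strayMail };
}

console.log(runDemo());
```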
Email authentication device 3 in the individual authentication system of the 11st embodiment generates the authentication addresses of items of mail.But it is also passable with addresses of items of mail to generate authentication by customer set up 10.
At this moment, email authentication device 3 will authenticate with addresses of items of mail generation information and replace authentication to use addresses of items of mail, be sent to customer set up 10.Authentication is that customer set up 10 is used to generate the information of authentication with addresses of items of mail with addresses of items of mail generation information.
It for example is client's side program of recording and narrating with Java (registered trademark) Script that authentication generates information with addresses of items of mail.
Customer set up 10 generates information according to the authentication that receives with addresses of items of mail, generates the authentication addresses of items of mail.For example, at least one that customer set up 10 utilizes in the moment and the random number generates the authentication addresses of items of mail.
In addition, the authentication of generation must be unique with addresses of items of mail.Therefore, the authentication that customer set up 10 the generates character string number of addresses of items of mail, the number of users corresponding to email authentication device 3 authenticates at the appointed time is made as sufficient length.
In addition, the authentication of the 11st embodiment obtains the authentication request of request corresponding to the 1st~10 embodiment with addresses of items of mail.In addition, the authentication request of the 11st embodiment is corresponding to the authentication result request of the 1st~10 embodiment.
(the 12th embodiment)
The personal authentication system of the 12th embodiment is described below. Parts that are the same as in the personal authentication system of the 1st embodiment carry the same reference symbols and are not explained again.
The personal authentication system of the 12th embodiment uses an authentication request ID in place of the authentication mail address. A client ID may also be used in place of the authentication mail address. The personal authentication system of the 12th embodiment can be applied to any of the personal authentication systems of the 1st to 11th and 13th to 14th embodiments. Here, the case where it is applied to the authentication system of the 1st embodiment is described.
Email authentication device 3 of the 12th embodiment is the same as the email authentication device in the personal authentication system of the 1st embodiment except for the authentication mail address correspondence table 341, so its explanation is omitted.
Figure 15 is a configuration diagram of the authentication mail address correspondence table 341 stored in auxiliary storage device 34 of email authentication device 3 of the 12th embodiment. The authentication mail address correspondence table 341 of the 12th embodiment is the same as the correspondence table of the 1st embodiment (Fig. 5) except that authentication mail address 3412 is omitted.
Next, the processing of the authentication method of the 12th embodiment is described with reference to the drawings. Figure 16 is a sequence chart of the processing of the authentication method of the 12th embodiment.
Triggered by the user's operation, client device 10 sends an authentication request ID acquisition request to email authentication device 3 via network 9 (ST111).
Email authentication device 3 receives the authentication request ID acquisition request from client device 10 (ST112) and then generates an authentication request ID (ST113). It then sends the generated authentication request ID and a mail address at which email authentication device 3 can receive mail to client device 10 via network 9 (ST30116).
Client device 10 receives the authentication request ID and the mail address from email authentication device 3 (ST30117).
Triggered by the user's operation, client device 10 sends an email containing the authentication request ID via network 9 (ST30118). The destination mail address of the email is the mail address received from email authentication device 3; any mail address will do as long as email authentication device 3 can receive mail at it. The authentication request ID may be placed in any of the body, the subject or an attachment of the email, and may be encrypted.
Email authentication device 3 receives the email from client device 10 (ST3019) and extracts the source mail address and the authentication request ID from it. Next, it creates a new record in the authentication mail address correspondence table 341, stores the obtained authentication request ID in authentication request ID 3411 of the new record, and then stores the obtained source mail address in user mail address 3413 of the new record (ST30120).
Meanwhile, client device 10 sends an authentication request containing the received authentication request ID to email authentication device 3 via network 9 (ST121). Client device 10 may send the authentication request when triggered by the user's operation, or at fixed intervals.
Email authentication device 3 receives the authentication request from client device 10 (ST122) and obtains the authentication request ID from it. Next, from the authentication mail address correspondence table 341, it selects the record whose authentication request ID 3411 matches the obtained authentication request ID, and extracts user mail address 3413 from the selected record. If no user mail address 3413 can be extracted, it judges that authentication is not possible. Otherwise, it selects from user management table 342 (Fig. 6) the record whose mail address 3422 matches the extracted user mail address 3413 (ST30123). If no record with a matching mail address can be extracted from user management table 342, it judges that authentication is not possible.
Conversely, if email authentication device 3 can select a record with a matching mail address, it judges that authentication is possible. It can thereby determine the user who originated the authentication request. Specifically, it extracts user ID 3421 from the selected record and then determines that the originator of the authentication request identified by the obtained authentication request ID is the user identified by the extracted user ID 3421.
Next, email authentication device 3 sends the authentication result to client device 10 via network 9 (ST124). It may send the user-specific information corresponding to the extracted user ID 3421 to client device 10 together with the authentication result.
Client device 10 then receives the authentication result from email authentication device 3 (ST125).
In the personal authentication system of the 12th embodiment, email authentication device 3 generates the authentication request ID. However, client device 10 may generate the authentication request ID instead. In that case, email authentication device 3 sends authentication request ID generation information to client device 10 in place of the authentication request ID. Authentication request ID generation information is information that client device 10 uses to generate an authentication request ID; it is, for example, a client-side program written in JavaScript (registered trademark). Client device 10 generates the authentication request ID according to the received authentication request ID generation information, for example using at least one of the time and a random number. The generated authentication request ID must be unique. Therefore, the number of characters in the authentication request ID generated by client device 10 is set to a sufficient length for the number of users that email authentication device 3 authenticates within a specified time. The authentication request ID acquisition request of the 12th embodiment corresponds to the authentication request of the 1st to 10th embodiments, and the authentication request of the 12th embodiment corresponds to the authentication result request of the 1st to 10th embodiments.
(the 13th embodiment)
The personal authentication system of the 13th embodiment is described below. Parts that are the same as in the personal authentication system of the 1st embodiment carry the same reference symbols and are not explained again.
In the personal authentication system of the 13th embodiment, the authentication mail address is generated by email authentication device 3. However, in the personal authentication system of the 13th embodiment, the authentication mail address is generated by client device 10. The personal authentication system of the 13th embodiment can be applied to any of the personal authentication systems of the 1st to 12th and 14th embodiments. Here, the case where it is applied to the personal authentication system of the 1st embodiment is described.
Client device 10 of the 13th embodiment is described by comparison with client device 10 of the 1st embodiment, covering the points that are particular to the 13th embodiment.
Triggered by the user's operation, client device 10 sends an authentication mail address generation information acquisition request to email authentication device 3. It then receives authentication mail address generation information from email authentication device 3. Authentication mail address generation information is information that client device 10 uses to generate an authentication mail address; it is, for example, a client-side program written in JavaScript (registered trademark). The authentication mail address generation information includes the domain at which email authentication device 3 can receive email. The authentication mail address generation information may also be stored in client device 10 in advance. Client device 10 generates the authentication mail address according to the received authentication mail address generation information, for example using at least one of the time and a random number. The generated authentication mail address must be unique. Therefore, the number of characters in the authentication mail address generated by client device 10 is set to a sufficient length for the number of users that email authentication device 3 authenticates within a specified time.
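The requirement that a client-generated authentication mail address be unique and of sufficient length (stated here, and in the 11th and 12th embodiments for addresses and authentication request IDs) can be made concrete with a birthday-bound calculation. The following added JavaScript example is not the patent's generation program: it assumes a 32-symbol alphabet, draws only from a cryptographic random source rather than from the time (two clients generating at the same instant would otherwise collide), and uses hypothetical names and a constructed domain.

```javascript
// Added example: sizing, generating and registering a client-generated
// authentication mail address. All names and the domain are hypothetical.

// Web Crypto is global in browsers and current Node; older Node exposes it via node:crypto.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// 32 symbols, so one random byte maps onto the alphabet without modulo bias (256 % 32 === 0).
const ALPHABET = "abcdefghijklmnopqrstuvwxyz234567";

// Smallest local-part length for which the birthday bound n(n-1) / (2 * 32^len)
// stays at or below maxCollisionProbability when n addresses are pending at once.
function minLocalPartLength(pendingRequests, maxCollisionProbability) {
  if (!Number.isInteger(pendingRequests) || pendingRequests < 1) {
    throw new RangeError("pendingRequests must be a positive integer");
  }
  if (!(maxCollisionProbability > 0 && maxCollisionProbability < 1)) {
    throw new RangeError("maxCollisionProbability must be between 0 and 1");
  }
  const requiredSpace =
    (pendingRequests * (pendingRequests - 1)) / (2 * maxCollisionProbability);
  if (requiredSpace <= 1) return 1;
  return Math.ceil(Math.log(requiredSpace) / Math.log(ALPHABET.length));
}

// Client side: build local@domain from `length` random symbols.
function generateAuthAddress(domain, length) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(length));
  let local = "";
  for (const b of bytes) local += ALPHABET[b % ALPHABET.length];
  return `${local}@${domain}`;
}

// Server side: the device did not generate the address, so it validates the
// format, the domain and the minimum length, and refuses an address already pending.
class PendingAddressTable {
  constructor(domain, minLength) {
    if (minLength > 64) throw new RangeError("local part is limited to 64 characters");
    const escaped = domain.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
    this.pattern = new RegExp(`^[a-z2-7]{${minLength},64}@${escaped}$`);
    this.pending = new Set();
  }

  claim(address) {
    if (!this.pattern.test(address)) return "rejected";
    if (this.pending.has(address)) return "duplicate";
    this.pending.add(address);
    return "accepted";
  }
}

function runSizingDemo() {
  const domain = "auth.example.test"; // constructed domain
  // One million requests pending at once, collision probability at most 1e-9.
  const length = minLocalPartLength(1000000, 1e-9);
  const table = new PendingAddressTable(domain, length);
  const address = generateAuthAddress(domain, length);
  return {
    length,
    address,
    first: table.claim(address),
    second: table.claim(address),
    tooShort: table.claim(`abc@${domain}`),
    foreignDomain: table.claim(generateAuthAddress("other.example.test", length)),
  };
}

console.log(runSizingDemo());
```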
Client device 10 sends an authentication request containing part or all of the generated mail address to email authentication device 3. The authentication request is sent when, for example, generation of the authentication mail address finishes.
Next, email authentication device 3 of the 13th embodiment is described by comparison with email authentication device 3 of the 1st embodiment, covering the points that are particular to the 13th embodiment.
Email authentication device 3 receives the authentication mail address generation information acquisition request from client device 10 and then sends authentication mail address generation information to client device 10.
Email authentication device 3 receives from client device 10 an authentication request containing the authentication mail address and then generates an authentication request ID that uniquely identifies the received authentication request. It then stores the authentication mail address contained in the received authentication request and the generated authentication request ID in association with each other in the authentication mail address correspondence table 341. Email authentication device 3 also sends the generated authentication request ID to client device 10.
Next, the processing of the authentication method of the 13th embodiment is described.
Triggered by the user's operation, client device 10 sends an authentication mail address generation information acquisition request to email authentication device 3.
Email authentication device 3 receives the authentication mail address generation information acquisition request from client device 10. It then sends authentication mail address generation information to client device 10.
Client device 10 receives the authentication mail address generation information from email authentication device 3, generates an authentication mail address, and sends an authentication request containing part or all of the generated authentication mail address to email authentication device 3.
After receiving the authentication request from client device 10, email authentication device 3 generates an authentication request ID and stores the authentication mail address contained in the received authentication request in association with the generated authentication request ID. Email authentication device 3 also sends the generated authentication request ID to client device 10.
Client device 10 receives the authentication request ID from email authentication device 3 and then shows the generated authentication mail address on its display device.
In the personal authentication system of the 13th embodiment, as in the personal authentication system of the 1st embodiment, the authentication mail address can be used as the identifier that identifies the authentication request. In that case the authentication request ID is omitted, so email authentication device 3 does not generate an authentication request ID. It stores in the authentication mail address correspondence table 341 only the authentication mail address received from client device 10, and it does not send an authentication request ID to client device 10.
The explanation now returns to the processing of the authentication method of the 13th embodiment. The subsequent processing is the same as in the authentication method of the 1st embodiment.
Triggered by the user's operation, client device 10 or a 2nd client device sends an email to the authentication mail address.
After receiving the email, email authentication device 3 obtains the source and destination mail addresses from it. Next, from the authentication mail address correspondence table 341, it selects the record whose authentication mail address 3412 matches the obtained destination mail address, and stores the obtained source mail address in user mail address 3413 of the selected record. Email authentication device 3 thus manages the source and destination mail addresses of the emails it receives. That is, email authentication device 3 manages the received emails.
Meanwhile, client device 10 sends an authentication result request containing the received authentication request ID to email authentication device 3. Client device 10 may send the authentication result request when triggered by the user's operation, or at fixed intervals.
Email authentication device 3 receives the authentication result request from client device 10 and obtains the authentication request ID from it. From the authentication mail address correspondence table 341, it selects the record whose authentication request ID 3411 matches the obtained authentication request ID, and extracts user mail address 3413 from the selected record. If no user mail address 3413 can be extracted, it judges that authentication is not possible. Otherwise, it selects from user management table 342 the record whose mail address 3422 matches the extracted user mail address 3413. If no record with a matching mail address can be extracted from user management table 342, it judges that authentication is not possible. Conversely, if a record with a matching mail address is selected, it judges that authentication is possible. Email authentication device 3 then sends the authentication result to client device 10. At this point it may also send other user-specific information managed in user management table 342.
Client device 10 receives the authentication result from email authentication device 3.
When the authentication request ID is not used in the personal authentication system of the 13th embodiment, client device 10 sends to email authentication device 3 an authentication result request containing part or all of the authentication mail address.
As described above, the user of client device 10 can be personally authenticated without entering a user ID and password.
In the personal authentication system of the 13th embodiment, the authentication mail address is generated not by the single email authentication device 3 but by the many client devices 10. The CPU load on email authentication device 3 in the 13th embodiment is therefore lighter than the CPU load on email authentication device 3 in the 1st embodiment, so email authentication device 3 of the 13th embodiment can authenticate more users within a specified time.
Next, a modification of the 13th embodiment is described. In the personal authentication system of the 13th embodiment, email authentication device 3 generates the authentication request ID. However, the authentication request ID may instead be generated by client device 10. In that case, client device 10 receives authentication request ID generation information from email authentication device 3 together with the authentication mail address generation information. Authentication request ID generation information is information used to generate an authentication request ID; it is, for example, a client-side program written in JavaScript (registered trademark). Email authentication device 3 generates the authentication mail address according to the authentication mail address generation information. Likewise, email authentication device 3 generates the authentication request ID according to the authentication request ID generation information. Client device 10 sends the generated authentication mail address and the generated authentication request ID to email authentication device 3. Email authentication device 3 receives the authentication mail address and the authentication request ID and stores them in association with each other in the authentication mail address correspondence table 341. The subsequent processing is the same as in the 13th embodiment described above.
Email is used in this embodiment, but a protocol in which a UA (user agent) is configured with the same address format as email may also be used. Such a protocol is, for example, SIP (Session Initiation Protocol).
(the 14th embodiment)
The individual authentication system of the 14th embodiment is described below. Parts that overlap with the individual authentication system of the 5th embodiment are given the same reference signs, and their description is omitted.
In the individual authentication system of the 14th embodiment, the ATM email authentication device 923 generates the authentication mail address. In the individual authentication system of the 14th embodiment, however, the ATM 2010 generates the authentication mail address. Here, the case where the ATM_ID is used in place of the authentication request ID is described.
The ATM 2010 of the 14th embodiment is described first. Here, the features of the ATM 2010 in the 14th embodiment are described in comparison with the ATM 2010 in the 5th embodiment.
Triggered by a user operation, the ATM 2010 generates an authentication mail address and then sends the ATM_ID and the generated authentication mail address to the authentication server.
Next, the ATM email authentication device 923 of the 14th embodiment is described. Here, the features of the ATM email authentication device 923 in the 14th embodiment are described in comparison with the ATM email authentication device 923 in the 5th embodiment.
The ATM email authentication device 923 receives the ATM_ID and the authentication mail address from the ATM 2010. It then stores the received ATM_ID and the received authentication mail address in association with each other in the authentication mail address correspondence table 341.
Next, the processing of the authentication method of the 14th embodiment is described.
Triggered by a user operation, the ATM 2010 generates an authentication mail address. The ATM 2010 then sends the generated authentication mail address and the ATM_ID to the ATM email authentication device 923, and shows the generated authentication mail address on its display device. At this time, the ATM 2010 may convert the generated authentication mail address into a QR code or the like and display that.
The ATM email authentication device 923 receives the authentication mail address and the ATM_ID. It then stores the received authentication mail address and the received ATM_ID in association with each other in the authentication mail address correspondence table 341.
Triggered by a user operation, the mobile phone 2060 sends an email to the ATM email authentication device 923. The destination of the email is the mail address displayed on the ATM 2010.
The ATM email authentication device 923 receives the email from the ATM 2010 and obtains the source mail address and the destination mail address from it. The ATM email authentication device 923 then selects, from the authentication mail address correspondence table 341, the record whose authentication mail address 3412 matches the obtained destination mail address, and extracts the ATM_ID from the selected record.
Next, the ATM email authentication device 923 selects, from the user management table 342, the record whose mail address 3422 matches the obtained source mail address. When the ATM email authentication device 923 cannot select a record with a matching mail address from the user management table 342, it judges that authentication is not possible. Conversely, when it can select a record with a matching mail address, it judges that authentication is possible. The ATM email authentication device 923 then sends the authentication result to the ATM 2010 identified by the extracted ATM_ID.
The ATM 2010 receives the authentication result from the ATM email authentication device 923.
As described above, the user of the ATM 2010 can be personally authenticated without entering a user ID and password.
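The matching performed by the ATM email authentication device 923 in the steps above can be sketched as follows. This is an added example, not code from the patent: the domain `auth.example.com`, the 120-second lifetime, the single-use release of an address, all class and function names, and the `sender_verified` flag (standing in for the spoofing judgment of claim 16, whose method the text does not give) are assumptions.

```python
import secrets
import time
from email import message_from_string
from email.utils import parseaddr

AUTH_DOMAIN = "auth.example.com"  # assumed domain the authentication device receives mail for
ADDRESS_TTL = 120                 # assumed "prescribed time" in seconds before release


def generate_auth_address():
    """ATM side: generate an unpredictable authentication mail address."""
    return f"{secrets.token_hex(8)}@{AUTH_DOMAIN}"


class AtmEmailAuthenticator:
    """Server side, holding the two tables the text describes (names are illustrative)."""

    def __init__(self, users, now=time.time):
        # User management table 342: user's mail address -> user.
        self.user_table = {addr.lower(): uid for addr, uid in users.items()}
        # Correspondence table 341: authentication mail address -> (ATM_ID, expiry).
        self.address_table = {}
        self.now = now  # injectable clock so expiry can be exercised offline

    def _release_expired(self):
        t = self.now()
        for addr in [a for a, (_, exp) in self.address_table.items() if exp <= t]:
            del self.address_table[addr]

    def register(self, atm_id, auth_address):
        """Store ATM_ID and the ATM-generated address; refuse foreign or in-use addresses."""
        self._release_expired()
        key = auth_address.lower()
        if not key.endswith("@" + AUTH_DOMAIN) or key in self.address_table:
            return False
        self.address_table[key] = (atm_id, self.now() + ADDRESS_TTL)
        return True

    def handle_email(self, raw_message, sender_verified):
        """Return (ATM_ID, authenticated, user), or None when the destination
        is not a live authentication mail address."""
        self._release_expired()
        msg = message_from_string(raw_message)
        dest = parseaddr(msg.get("To", ""))[1].lower()
        src = parseaddr(msg.get("From", ""))[1].lower()
        # Assumption: an address is released on first use, so a second mail
        # to the same address cannot drive the same ATM session.
        entry = self.address_table.pop(dest, None)
        if entry is None:
            return None
        atm_id = entry[0]
        # A source address judged to be spoofed never maps to a user.
        user = self.user_table.get(src) if sender_verified else None
        return atm_id, user is not None, user


def demo():
    """Constructed sample: one registered user, one ATM, one incoming mail."""
    clock = [1000.0]
    server = AtmEmailAuthenticator({"alice@carrier.example": "user-001"},
                                   now=lambda: clock[0])
    addr = generate_auth_address()
    server.register("ATM-0001", addr)
    mail = f"From: Alice <alice@carrier.example>\nTo: {addr}\nSubject: auth\n\n"
    return server.handle_email(mail, sender_verified=True)


if __name__ == "__main__":
    print(demo())
```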
In the individual authentication system of the 14th embodiment, the authentication mail address is generated not by the single ATM email authentication device 923 but by the plurality of ATMs 2010. Therefore, the load on the CPU of the ATM email authentication device 923 in the individual authentication system of the 14th embodiment is lighter than the load on the CPU of the email authentication device 3 in the individual authentication system of the 5th embodiment. The email authentication device 3 in the individual authentication system of the 14th embodiment can therefore authenticate more users within a given time.
In addition, although email is used in the present embodiment, a protocol or the like in which the UA (user agent) is identified by an address of the same form as an email address may also be used. One such protocol is SIP (Session Initiation Protocol).
The features of the 13th and 14th embodiments are described below. An authentication computer connected to a plurality of client computers via a network and comprising a processor, a memory and an interface, characterized in that the memory stores user information representing the correspondence between a user and the user's mail address, and the processor: receives, from the client computer, an authentication mail address, which is a mail address that the authentication computer can receive and is the mail address used for authentication of the client computer; receives an email; upon receiving an authentication result request from the client computer, determines the authentication mail address corresponding to the received authentication result request; determines, from among the received emails, the email whose destination is the determined authentication mail address, and determines the source mail address from the determined email; refers to the user information and determines the user corresponding to the determined source mail address; and sends information corresponding to the determined user to the client computer that is the source of the received authentication result request.
An authentication computer connected to a plurality of client computers via a 1st network, connected to a plurality of mail sending terminals via a 2nd network, and comprising a processor, a memory and an interface, characterized in that the memory stores user information representing the correspondence between a user and the user's mail address, and the processor: receives, from the client computer via the 1st network, an authentication mail address, which is a mail address that the authentication computer can receive and is the mail address used for authentication of the client computer; receives an email from the mail sending terminal via the 2nd network; determines the destination mail address and the source mail address from the received email; refers to the user information and determines the user corresponding to the determined source mail address; determines the client computer that sent the determined destination mail address as the authentication mail address; and sends information corresponding to the determined user to the determined client computer via the 1st network.
It is characterized in that the processor determines the authentication mail address corresponding to the received authentication result request according to the correspondence between the communication in which the authentication mail address was received and the communication in which the authentication result request was received.
It is characterized in that the processor gives an identifier to the communication in which the authentication mail address was received and, according to the identifier included in the received authentication result request, determines the correspondence between the communication in which the authentication mail address was received and the communication in which the authentication result request was received.
Further, the authentication computer is connected to a mail sending terminal, and the processor receives the email from either the client computer or the mail sending terminal.
It is characterized in that the processor sends to the client computer authentication mail address generation information, which is the information the client computer needs in order to generate the authentication mail address.
An authentication computer connected to a plurality of client computers via a network and comprising a processor, a memory and an interface, characterized in that the memory stores user information representing the correspondence between a user and the user's user agent address, and the processor: receives, from the client computer, an authentication user agent address, which is a user agent address that the authentication computer can receive and is the user agent address used for authentication of the client computer; receives signaling; upon receiving an authentication result request from the client computer, determines the authentication user agent address corresponding to the received authentication result request; determines, from among the received signaling, the signaling whose destination is the determined authentication user agent address, and determines the source user agent address from the determined signaling; refers to the user information and determines the user corresponding to the determined source user agent address; and sends information corresponding to the determined user to the client computer that is the source of the received authentication result request.
An authentication computer connected to a plurality of client computers via a 1st network, connected to a plurality of signaling sending terminals via a 2nd network, and comprising a processor, a memory and an interface, characterized in that the memory stores user information representing the correspondence between a user and the user's user agent address, and the processor: receives, from the client computer via the 1st network, an authentication user agent address, which is a user agent address that the authentication computer can receive and is the user agent address used for authentication of the client computer; receives signaling from the signaling sending terminal via the 2nd network; determines the destination user agent address and the source user agent address from the received signaling; refers to the user information and determines the user corresponding to the determined source user agent address; determines the client computer that sent the determined destination user agent address as the authentication user agent address; and sends information corresponding to the determined user to the determined client computer via the 1st network.
It is characterized in that the processor determines the authentication user agent address corresponding to the received authentication result request according to the correspondence between the communication in which the authentication user agent address was received and the communication in which the authentication result request was received.
It is characterized in that the processor gives an identifier to the communication in which the authentication user agent address was received and, according to the identifier included in the received authentication result request, determines the correspondence between the communication in which the authentication user agent address was received and the communication in which the authentication result request was received.
Further, it is characterized in that the authentication computer is connected to a signaling sending terminal, and the processor receives the signaling from either the client computer or the signaling sending terminal.
It is characterized in that the processor sends to the client computer authentication user agent address generation information, which is the information the client computer needs in order to generate the authentication user agent address.
Representative embodiments of the present invention can be used in individual authentication systems with improved security and convenience.

Claims (25)

1. An authentication computer connected to a plurality of client computers via a network and comprising a processor, a memory and an interface, characterized in that
the memory
stores user information representing the correspondence between a user and the user's mail address, and
the processor:
upon receiving an authentication request from the client computer, assigns to the received authentication request a mail address that is among the mail addresses the authentication computer can receive and that has not been assigned to any previously received authentication request;
receives an email;
upon receiving an authentication result request from the client computer, determines the authentication request corresponding to the received authentication result request;
determines the source mail address of the email whose destination is the mail address assigned to the determined authentication request;
refers to the user information and determines the user corresponding to the determined source mail address; and
sends information corresponding to the determined user to the client computer that is the source of the received authentication result request.
2. An authentication computer connected to a plurality of client computers via a 1st network, connected to a plurality of mail sending terminals via a 2nd network, and comprising a processor, a memory and an interface, characterized in that
the memory
stores user information representing the correspondence between a user and the user's mail address, and
the processor:
upon receiving, from the client computer via the 1st network, an authentication request that includes the identifier of the client computer, assigns to the identifier of the client computer included in the received authentication request a mail address that is among the mail addresses the authentication computer can receive and that has not been assigned to the identifier of any other client computer;
receives an email from the mail sending terminal via the 2nd network;
determines the destination mail address and the source mail address from the received email;
refers to the user information and determines the user corresponding to the determined source mail address;
determines the identifier of the client computer to which the determined destination mail address has been assigned; and
sends, via the 1st network, information corresponding to the determined user to the client computer identified by the determined identifier of the client computer.
3. An authentication computer connected to a plurality of client computers via a 1st network, connected to a plurality of mail sending terminals via a 2nd network, and comprising a processor, a memory and an interface, characterized in that
the memory stores: user information representing the correspondence between a user and the user's mail address; and authentication mail address correspondence information representing the correspondence between the client computer and a mail address that is among the mail addresses the authentication computer can receive and that is assigned to the client computer without duplication with other client computers, and
the processor:
receives an email from the mail sending terminal via the 2nd network;
determines the destination mail address and the source mail address from the received email;
refers to the user information and determines the user corresponding to the determined source mail address;
refers to the authentication mail address correspondence information and determines the client computer to which the determined destination mail address has been assigned; and
sends, via the 1st network, information corresponding to the determined user to the determined client computer.
4. The authentication computer as claimed in claim 1 or 2, characterized in that
the processor:
releases the assignment of the mail address after a prescribed time has elapsed since the mail address was assigned; and
assigns again the mail address whose assignment has been released.
5. The authentication computer as claimed in claim 1, characterized in that
the memory
stores authentication mail address correspondence information representing the correspondence between the received authentication request and the mail address assigned to that authentication request, and
the processor
refers to the authentication mail address correspondence information and determines the mail address assigned to the determined authentication request.
6. The authentication computer as claimed in claim 1, characterized in that
the processor:
gives an identifier to the received authentication request; and
according to the identifier included in the received authentication request, determines the authentication request corresponding to the received authentication result request.
7. The authentication computer as claimed in claim 6, characterized in that
the identifier is an identifier of the communication between the client computer and the authentication computer, or is part or all of the mail address assigned to the authentication request to which the identifier has been given.
8. The authentication computer as claimed in claim 1, characterized in that
when the processor, referring to the user information, cannot determine a user corresponding to the determined source mail address, it judges that the client computer that is the source of the received authentication result request cannot be authenticated.
9. The authentication computer as claimed in any one of claims 1 to 3, characterized in that
when the processor, referring to the user information, cannot determine a user corresponding to the determined source mail address, it stores the determined source mail address in the user information as the mail address of a new user.
10. The authentication computer as claimed in claim 1, characterized in that
the authentication computer is further connected to a mail sending terminal; and
the processor receives the email from either the client computer or the mail sending terminal.
11. The authentication computer as claimed in claim 1, characterized in that
the user information further includes the correspondence between the user and unique information of the user, and the processor:
refers to the user information and determines the unique information corresponding to the determined user;
receives unique information of a user from the client computer; and
if the determined unique information matches the received unique information, judges that the client computer that is the source of the received authentication result request can be authenticated.
12. The authentication computer as claimed in any one of claims 1 to 3, characterized in that
the user information further includes the correspondence between the user and a credit card held by the user, and
the processor:
refers to the user information and determines the credit card corresponding to the determined user;
performs a credit check on the determined credit card; and
if the result of the credit check is good, permits settlement using the determined credit card.
13. The authentication computer as claimed in any one of claims 1 to 3, characterized in that
the user information further includes the correspondence between the user and an account of the user, and
the processor:
refers to the user information and determines the account corresponding to the determined user; and
executes a transaction on the determined account.
14. The authentication computer as claimed in claim 1, characterized in that
the processor:
upon receiving an authentication request from the client computer, newly generates a mail address that the authentication computer can receive; and
by assigning the newly generated mail address to the received authentication request, assigns to the received authentication request a mail address that is among the mail addresses the authentication computer can receive and that has not been assigned to any previously received authentication request.
15. The authentication computer as claimed in claim 14, characterized in that
after newly generating the mail address, the processor releases the assignment of the generated mail address by invalidating the generated mail address once a prescribed time has elapsed.
16. The authentication computer as claimed in claim 1, characterized in that
the processor:
judges whether the determined source mail address has been spoofed; and
when the determined source mail address has been spoofed, judges that the client computer that is the source of the received authentication result request cannot be authenticated.
17. A program, characterized in that it causes an authentication computer, which is connected to a plurality of client computers via a network and comprises a processor, a memory and an interface, to execute the following steps:
storing user information representing the correspondence between a user and the user's mail address;
upon receiving an authentication request from the client computer, assigning to the received authentication request a mail address that is among the mail addresses the authentication computer can receive and that has not been assigned to any previously received authentication request;
receiving an email;
upon receiving an authentication result request from the client computer, determining the authentication request corresponding to the received authentication result request;
determining the source mail address of the email whose destination is the mail address assigned to the determined authentication request;
referring to the user information and determining the user corresponding to the determined source mail address; and
sending information corresponding to the determined user to the client computer that is the source of the received authentication result request.
18. A program, characterized in that it causes an authentication computer, which is connected to a plurality of client computers via a 1st network, is connected to a plurality of mail sending terminals via a 2nd network, and comprises a processor, a memory and an interface, to execute the following steps:
storing user information representing the correspondence between a user and the user's mail address;
upon receiving, from the client computer via the 1st network, an authentication request that includes the identifier of the client computer, assigning to the identifier of the client computer included in the received authentication request a mail address that is among the mail addresses the authentication computer can receive and that has not been assigned to the identifier of any other client computer;
receiving an email from the mail sending terminal via the 2nd network;
determining the destination mail address and the source mail address from the received email;
referring to the user information and determining the user corresponding to the determined source mail address;
determining the identifier of the client computer to which the determined destination mail address has been assigned; and
sending, via the 1st network, information corresponding to the determined user to the client computer identified by the determined identifier of the client computer.
19. An authentication computer connected to a plurality of client computers via a network and comprising a processor, a memory and an interface, characterized in that
the memory stores user information representing the correspondence between a user and the user's user agent address, and
the processor:
upon receiving an authentication request from the client computer, assigns to the received authentication request a user agent address that is among the user agent addresses the authentication computer can receive and that has not been assigned to any previously received authentication request;
receives signaling;
upon receiving an authentication result request from the client computer, determines the authentication request corresponding to the received authentication result request;
determines the source user agent address of the signaling whose destination is the user agent address assigned to the determined authentication request;
refers to the user information and determines the user corresponding to the determined source user agent address; and
sends information corresponding to the determined user to the client computer that is the source of the received authentication result request.
20. An authentication computer connected to a plurality of client computers via a 1st network, connected to a plurality of mail sending terminals via a 2nd network, and comprising a processor, a memory and an interface, characterized in that
the memory
stores user information representing the correspondence between a user and the user's user agent address, and
the processor:
upon receiving, from the client computer via the 1st network, an authentication request that includes the identifier of the client computer, assigns to the identifier of the client computer included in the received authentication request a user agent address that is among the user agent addresses the authentication computer can receive and that has not been assigned to the identifier of any other client computer;
receives signaling from the mail sending terminal via the 2nd network;
determines the destination user agent address and the source user agent address from the received signaling;
refers to the user information and determines the user corresponding to the determined source user agent address;
determines the identifier of the client computer to which the determined destination user agent address has been assigned; and
sends, via the 1st network, information corresponding to the determined user to the client computer identified by the determined identifier of the client computer.
21. An authentication computer connected to a plurality of client computers via a 1st network, connected to a plurality of mail sending terminals via a 2nd network, and comprising a processor, a memory and an interface, characterized in that
the memory stores: user information representing the correspondence between a user and the user's user agent address; and authentication user agent address correspondence information representing the correspondence between the client computer and a user agent address that is among the user agent addresses the authentication computer can receive and that is assigned to the client computer without duplication with other client computers, and
the processor:
receives signaling from the mail sending terminal via the 2nd network;
determines the destination user agent address and the source user agent address from the received signaling;
refers to the user information and determines the user corresponding to the determined source user agent address;
refers to the authentication user agent address correspondence information and determines the client computer to which the determined destination user agent address has been assigned; and
sends, via the 1st network, information corresponding to the determined user to the determined client computer.
22. An authentication computer that is connected to a plurality of client computers via a network and that comprises a processor, a memory and an interface, characterized in that
The memory stores user information representing the correspondence between a user and that user's mail address,
The processor
Receives an e-mail;
Receives an authentication request from one of the plurality of client computers;
Determines the mail address corresponding to the received authentication request;
Determines the source mail address of the e-mail whose destination is the determined mail address;
Refers to the user information and determines the user corresponding to the determined source mail address;
Sends information corresponding to the determined user to the client computer that is the source of the received authentication request.
23. An authentication computer that is connected to a plurality of client computers via a network and that comprises a processor, a memory and an interface, characterized in that
The memory stores user information representing the correspondence between a user and that user's mail address,
The processor
Receives an e-mail;
Extracts the destination mail address and the source mail address from the received e-mail;
Stores the correspondence between the extracted destination mail address and the extracted source mail address in mail address correspondence information;
After receiving an authentication request from one of the plurality of client computers, determines, from among the destination mail addresses whose correspondence is stored in the mail address correspondence information, the destination mail address corresponding to the received authentication request;
Refers to the mail address correspondence information and determines the source mail address corresponding to the determined destination mail address;
Refers to the user information and determines the user corresponding to the determined source mail address;
Sends information corresponding to the determined user to the client computer that is the source of the received authentication request.
24. An authentication computer that is connected to a plurality of client computers via a network and that comprises a processor, a memory and an interface, characterized in that
The memory stores user information representing the correspondence between a user and that user's mail address,
The processor
Receives an e-mail;
Extracts authentication request identifying information and the source mail address from the received e-mail;
Stores the correspondence between the extracted authentication request identifying information and the extracted source mail address in authentication request identifying information correspondence information;
After receiving an authentication request from one of the plurality of client computers, determines, from among the authentication request identifying information whose correspondence is stored in the mail address correspondence information, the authentication request identifying information that identifies the received authentication request;
Refers to the authentication request identifying information correspondence information and determines the source mail address corresponding to the determined authentication request identifying information;
Refers to the user information and determines the user corresponding to the determined source mail address;
Sends information corresponding to the determined user to the client computer that is the source of the received authentication request.
25. The authentication computer as claimed in claim 24, characterized in that
The authentication request identifying information is the destination mail address of an e-mail.
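The allocate-then-look-up flow of claims 20 to 25, using mail addresses as in claims 22 to 25, can be sketched as follows. This is an added example, not code from the patent or its applicant; the class and method names, the `auth.example.test` domain, the random address format and the single-use deletion are assumptions made for illustration.

```python
import secrets
from email import message_from_string
from email.utils import parseaddr

AUTH_DOMAIN = "auth.example.test"  # assumption: a domain whose mail this server receives

class AuthComputer:
    def __init__(self, user_info):
        self.user_info = user_info  # source mail address -> user (the claims' "user information")
        self.allocated = {}         # client identifier -> allocated destination address
        self.correspondence = {}    # destination address -> source address (claim 23)

    def authentication_request(self, client_id):
        """Allocate an address that is not assigned to any other pending request."""
        while True:
            addr = f"{secrets.token_hex(8)}@{AUTH_DOMAIN}"
            if addr not in self.allocated.values():
                self.allocated[client_id] = addr
                return addr

    def receive_email(self, raw):
        """Extract destination and source addresses and store their correspondence."""
        msg = message_from_string(raw)
        dest = parseaddr(msg.get("To", ""))[1].lower()
        src = parseaddr(msg.get("From", ""))[1].lower()
        if src and dest in self.allocated.values():
            self.correspondence.setdefault(dest, src)  # keep the first mail only

    def authentication_result(self, client_id):
        """Resolve client -> destination -> source -> user; None if not authenticated."""
        dest = self.allocated.get(client_id)
        src = self.correspondence.get(dest)
        if src is None:
            return None  # no mail has arrived for this request yet
        del self.allocated[client_id], self.correspondence[dest]  # single use (assumption)
        return self.user_info.get(src)

def demo():
    # Constructed sample data: one registered user and one hand-written message.
    server = AuthComputer({"alice@carrier.example": "alice"})
    addr = server.authentication_request("client-1")
    server.receive_email(f"From: Alice <alice@carrier.example>\nTo: {addr}\nSubject: login\n\n")
    return server.authentication_result("client-1")

if __name__ == "__main__":
    print(demo())
```

The sketch takes the source address from the `From` header, which the sender controls. The claims do not state how the source address is verified, so a deployment has to obtain it from a channel that authenticates the sender.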
CNA2007800169431A 2006-05-10 2007-05-01 Authentication computer and program Pending CN101443776A (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP2006131063A JP2007304750A (en) 2006-05-10 2006-05-10 Authentication system, authentication computer and program
JP131063/2006 2006-05-10
JP302222/2006 2006-11-08
JP048603/2007 2007-02-28

Publications (1)

Publication Number Publication Date
CN101443776A true CN101443776A (en) 2009-05-27

Family

ID=38838638

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2007800169431A Pending CN101443776A (en) 2006-05-10 2007-05-01 Authentication computer and program

Country Status (2)

Country Link
JP (1) JP2007304750A (en)
CN (1) CN101443776A (en)

Also Published As

Publication number Publication date
JP2007304750A (en) 2007-11-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20090527