JP2000151582A - Authentication system and its storage medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enhance the security of authentication processing relating to transmission/reception of information. SOLUTION: When a mail address of a sender is inputted from the sender in a procedure A1, a server of each provider generates a file ID of an electronic mail received in a procedure A2, an optional setting value set by a manager of a home page or a bulletin board in a procedure A3, a random number is generated, based on the file ID and the setting value in a procedure A4, and the random number is set as a basis of a random number array. A character string is converted one by one character each into an ASKII code in a procedure A5 and all the converted codes are obtained, A numeral obtained in the procedure A5 is used for a basis of the random number again in a procedure A6. Character codes are added by a random number by the number of times set by the random number in a procedure A7 to generate a password character string. The password character string is a confirmation key this time. Every time a sender transmits a mail, a different password character string is used to generate the mail.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to an authentication system for authenticating a transmission source when a communication request from the outside is received, and a storage medium therefor.

[0002]

2. Description of the Related Art For example, a personal computer functions as a communication device when connected to another personal computer or various homepages via the Internet. 2. Description of the Related Art Generally, a communication control system that performs communication using a personal computer is connected to another personal computer or various homepages via a server of a provider so that electronic mail (information) and various information registered on the homepage can be transmitted and received. It has become.

In addition to transmitting and receiving e-mails between personal computers, it is also possible to browse various homepages and transmit e-mails to the respective homepages. A homepage established on the Internet is a place for providing information that can be provided independently by a user who has contracted with each provider, and has a bulletin board and the like on which opinions can be exchanged.

[0004] As this kind of bulletin board, there are provided one in which registered members exchange opinions, and one in which an unregistered third party can also speak. In the membership site, the authentication system is activated, so the name, address, member number, credit card number, etc. are checked in advance at the time of access, and if the identity of the member can be confirmed, connection is established in a communicable state. .

[0005] However, some sites other than the membership system allow anyone to connect free of charge. At this site, a third party can freely see the comments posted on the bulletin board, It is possible to post your own remarks by e-mail. Even in this case, when there is a communication request to the bulletin board, the name and address are input, and then the content to be posted on the bulletin board is transmitted by e-mail.

[0006] Generally, on the Internet,
TCP / IP (Tramsmission Control Protocol / Intern
et Protocol) is used as a standard protocol.
This TCP / IP has seven layers (layers) like an ISO (International Organization for Standardization) structural model (OSI model), and in order from the top, an application layer, a presentation layer, a session layer, a transport layer, a network layer, and a data link. Layer and physical layer (hardware). Transmission data flowing from the application layer to the network flows from the highest application layer to the physical layer via each layer, and conversely, transmission data flowing from the network to the application layer flows from the physical layer to the application layer via each layer. Flows to

TCP / IP having such a hierarchical structure
Now, in the network layer, the source and destination IP
Security is ensured by address and password.

[0008]

However, in the conventional communication control system, when a comment is transmitted to a bulletin board on the Internet, a third party can freely view the content of another person's comment and modify the comment of another person. However, the following problems have occurred. If an opinion that slanders or defames a particular person is posted on an Internet bulletin board by e-mail, the honor and privacy of the individual may be significantly impaired. In addition, if a malicious message that leads to a crime is posted, the management responsibility of the provider will be held. In addition, when a large number of e-mails are continuously transmitted, the bulletin board is in a punctured state and cannot function normally. Further, when the mail address is displayed on the bulletin board, for example, a malicious spam mail (a large amount of direct mail) reaches the mail address of the speaker who posted the comment on the bulletin board, or a large amount of mail is transmitted. When the bomb mail arrives, other e-mails cannot be sent or received. Also, if a malicious message that leads to a crime is posted at another person's e-mail address, it is determined that the person holding the e-mail address committed the crime.

Accordingly, an object of the present invention is to provide an authentication system and a storage medium for solving the above-mentioned problems.

[0010]

In order to solve the above problems, the present invention has the following features. Claim 1
According to the invention described above, when an external communication request is received, the address of the transmission source is confirmed, and when authentication is obtained, the authentication system receives the transmitted information, based on data specified on the receiving side. Random number generation means for generating a random number array, an authentication key generation means for generating an authentication key based on a character string indicating the address of the transmission source and a random number array generated by the random number generation means, When the received information is received, an authentication unit for confirming the authentication key issued by the authentication key generation unit and an address of a transmission source of the information is provided.

Therefore, according to the first aspect of the present invention, a random number array is created based on data specified on the receiving side,
Since the authentication key is generated based on the character string indicating the address of the transmission source and the random number array, the authentication key can be easily generated and the authentication key can be prevented from being stolen by a third party. The invention according to claim 2 is the authentication system according to claim 1, wherein the authentication unit transmits the authentication key generated by the authentication key generation unit to the address of the transmission source. It is characterized by comprising transmitting means.

Therefore, according to the second aspect of the present invention, the authentication unit transmits the authentication key generated by the authentication key generation unit to the address of the transmission source. By inputting, the sender can be authenticated. The invention according to claim 3 is the authentication system according to claim 1, wherein the authentication unit includes:
An authentication key collating unit for collating the authentication key transmitted from the transmission source with the authentication key generated by the authentication key generating unit is provided.

Therefore, according to the third aspect of the present invention, the sender can be confirmed by comparing the authentication key transmitted from the sender with the authentication key generated by the authentication key generator. If the authentication keys do not match, the identity of the sender becomes unknown, and it is possible to refuse to receive information. Further, the invention according to claim 4 is the authentication system according to claim 3, wherein the authentication unit is configured to determine when the authentication key transmitted from the transmission source is confirmed by the authentication key matching unit. The information is stored in the storage unit so that the information can be disclosed to a third party.

Therefore, according to the invention described in claim 4, when the authentication key transmitted from the transmission source is confirmed by the authentication key matching means, the information can be stored in the storage unit and the information can be disclosed to a third party. Therefore, it is possible for the speaker to use the name of another person to exclude malicious content information that is related to personal honor or privacy. The invention according to claim 5 is the authentication system according to claim 1, wherein the authentication key generation unit includes a character string indicating a source address and a random number array generated by the random number generation unit. A first character array generating means for generating a first character array from the combination of the first character array, a random number setting means for setting the first character array generated by the first character array generating means as a random number seed, And a second character array generating means for generating a second character array by adding a predetermined code to the first character array based on the random number set by the random number setting means. Things.

Therefore, according to the fifth aspect of the present invention, the first character array is set as a seed of a random number, and a predetermined code is added to the first character array based on the random number to form a second character array. Since the array is generated, the confidentiality of the authentication key and the reliability of the authentication key can be further improved. Also, the invention according to claim 6 is a random number generating means for generating a random number array based on data specified on the receiving side, a character string indicating the address of the transmission source and a random number generated by the random number generating means Authentication key generation means for generating an authentication key based on the array;
An authentication unit for confirming the authentication key issued by the authentication key generation unit when receiving the information transmitted from the outside;

Therefore, according to the invention described in claim 6, a random number array is created based on the data specified on the receiving side in the same manner as in claim 1, and a character string indicating a source address and a random number array are generated. Since the means for generating the authentication key based on the authentication key is stored in the storage medium, the authentication key can be easily generated and the authentication key can be prevented from being stolen by a third party.

[0017]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a conceptual diagram of a communication network to which an embodiment of an authentication system and a storage medium according to the present invention is applied. FIG. 2 is a conceptual diagram showing a homepage established on the Internet.

[0018] As shown in FIG. 1, each personal computer 11 ₁ to 11, which is installed in each home or companies, etc.
_n is a communication modem (not shown), a public line 13 ₁ to
13 _n , the servers 15 a to 1 of the respective providers a to f
5f. Each personal computer 11 ₁ to 11 _n may be connected to the network 17 via the server 15a~15f communicate with each other.

[0019] As shown in FIG. 2, the personal computer 11 ₁ to 11 _n, each was opened on the Internet via the server 15a~15f homepage 19
Is communicably connected to Each personal computer 1
When one communication request to each home 19 from ₁ to 11 _n is carried out, for each provider a~f server 15a~1
5f generates a confirmation key (authentication key) composed of a password character string based on the mail address input from the transmission source as described later. Then, the servers 15a to 15f
The confirmation key is sent to the sender, and then the mail address and the confirmation key input from the sender are checked for correctness, and the sender is authenticated.

Here, the process of creating the confirmation key will be described. FIG. 3 is a process chart showing a process for creating a confirmation key. As shown in FIG. 3, when the confirmation key is created, when a mail address is received from the sender in step A1, the servers 15a to 15f of each provider are connected to the server 15a used on the server 15a to 15f side.
The file ID unique to the 15f side is read, and the procedure A3
, An arbitrary set value set by the administrator of the homepage or bulletin board is read, and then a random number is created from the file ID and the set value in step A4, and this is set as a seed of a random number array (random number creating means).

The above mail address is known only by the sender. The file ID and the set value are stored in the server 15.
Since it is created by a to 15f, it differs every time. As described above, the random number array is stored in the mail address of the sender and the server 15.
Since the mail is created from the file ID of the mail created on the side of a to 15f and an arbitrary setting value, the arrangement is different every time.

In the next step A5, the character string from the mail address is converted into an ASCII code one character at a time, and all are added (first character array generation means). In the next step A6, the numerical value obtained in step A5 is set again as a random number seed (random number setting means). In step A7, a random number of the set number of times is fetched, and a character code according to the fetched random number is added to create a password character string serving as a confirmation key (authentication key) (authentication key generation means, second character Array generating means). This password character string becomes the current confirmation key (authentication key).

The above procedures A1 to A7 are stored in the memories (storage media) of the servers 15a to 15f.
Thus, the confirmation key is the mail address, file I
D. A random number is created based on an arbitrary set value, the random number is taken in the number set by the random number, and a password character string is created according to a character code corresponding to the taken random number. Generated. Therefore, it is difficult for a third party to obtain the confirmation key generated as described above, and the confidentiality and reliability of the confirmation key are further improved, and the security is improved.

Therefore, by confirming the mail address and the confirmation key, the identity of the speaker can be authenticated accurately and in a short time. For example, when the speaker uses the name of another person, Is prevented from being tampered with or deleted without permission. In addition, e-mails with malicious contents that the speaker uses for the honor or privacy of an individual using the name of another person can be excluded from the bulletin board.

Further, in the present embodiment, the confirmation key is generated by performing the conversion using the random number sequence twice, but the number of conversions is not limited to two, and the conversion is repeated three or more times to obtain a more advanced confirmation key. May be generated. Next, an authentication process using the confirmation key created as described above will be described.

FIG. 4 is a process chart showing the authentication process. As shown in FIG. 4, the server 15 of each provider
In steps a to 15f, an e-mail is transmitted to an e-mail address that specifies the confirmation key including the password character string described in the procedure B1 (authentication key transmitting unit). As a result, the confirmation key arrives at the transmission source that transmitted the e-mail address, and only the person who can use the e-mail address can know the contents (password character string) of the confirmation key.

In the next step B2, the speaker (sender) who has received the confirmation key receives the name, mail address, confirmation key, and the contents of the message to be written on the bulletin board (new message, correction of message, deletion of message, etc.). Enter And procedure B3
Transmits the name, the mail address, the confirmation key, and the contents of the statement to the server 15 of the provider.

The server 15 that has received an e-mail (name, e-mail address, confirmation key, utterance content, etc.) from the speaker
Performs an authentication process. That is, the server 15 performs the procedure C
In step 1, the mail address input by the speaker is read. Subsequently, in step C2 (authentication key generation means), a confirmation key A is generated based on the input e-mail address as described above (see the confirmation key creation process in FIG. 3).

In step C3, the server 15 reads the confirmation key B input from the speaker. And procedure C
In step 4, the confirmation key A created in step C2 is compared with the confirmation key B input by the speaker to check whether or not the password character strings of both match (authentication means,
Authentication key matching means). The processing procedures B1 to B4 and C1 to C5 are stored in memories (storage media) of the servers 15a to 15f.

Here, when the password character string of the confirmation key A and the password character string of the confirmation key B match, it is confirmed in step C5 that the content of the utterance belongs to the person himself, and registration processing is performed. Therefore, when the input mail address and the confirmation key are confirmed to be those of the speaker, registration processing on the bulletin board is performed in step C4, and the content of the statement is posted on the bulletin board. Note that only the message and the name of the speaker are posted on the bulletin board, and the mail address and the confirmation key are not posted.

When the password character string of the confirmation key A and the password character string of the confirmation key B do not match, the server 15 does not confirm the identity of the speaker, so that it is highly possible that a person other than the person has transmitted the message. Refuse to register the content of remarks. As described above, only when the password character string of the confirmation key A created in the creation process of the confirmation key of FIG. 3 matches the confirmation key B input by the speaker, the message is posted on the bulletin board. Can prevent the third party from speaking in the name of another person, or modifying or deleting the statement posted on the bulletin board without permission. Therefore, it is possible to prevent a message suggesting slander, slander or a crime against a specific individual from being posted on a bulletin board using the name of another person, thereby protecting the individual's honor and privacy.

FIG. 5 shows the server 15a of each of the providers a to f.
15 to 15f are flowcharts of a main communication process executed. The servers 15a to 15f execute the processing procedures A1 to A
7, a memory (storage medium) in which B1 to B4 and C1 to C5 are stored. Therefore, as shown in FIG. 5, when there is a communication request from an external device in step S11 (hereinafter, “step” is omitted), the server 15 proceeds to S12 and authenticates the user who is the transmission source. Perform processing. In this authentication processing, when an e-mail address is input when using a bulletin board as described later, a confirmation key (authentication key) including a password character string created based on the e-mail address is issued.

If the mail received in S13 has a comment (transmission request) to the bulletin board, the process proceeds to S14,
Check that the confirmation key is correct. If it is determined in S15 that the confirmation key is correct, the process proceeds to S16.
Then, the message on the bulletin board is permitted, and the received message (e-mail) is stored and posted on the bulletin board. At that time, the mail address and the confirmation key are not posted on the bulletin board.
Therefore, it is possible to prevent a third party who has viewed the bulletin board from intensively transmitting spam mails and mail bombs to the speaker.

If the confirmation key is incorrect in S15, the process proceeds to S17, where it is determined that the identity of the mail sender is unknown, and the mail is rejected. Then, the above S11
Return to As a result, the message whose identity cannot be confirmed is not posted, so that the bulletin board administrator can pay attention to the person who makes the undesired message, and can exclude such a speaker. it can.

If the message is not a message to the bulletin board (request for transmission) in S13, the process proceeds to S18. If it is determined in S18 that the received mail is a correction / deletion of the content of a comment on the bulletin board, the process proceeds to S19, and the speaker (sender)
Check if the confirmation key entered from is correct. If it is determined in S20 that the entered confirmation key is correct, the process proceeds to S21, in which the correction / deletion of the content of the message posted on the bulletin board is permitted, and the corrected / deleted content is stored in the bulletin board. Post it. At that time, the mail address and the confirmation key are not posted on the bulletin board.

If the entered confirmation key is incorrect in S20, the process proceeds to S17, where it is determined that the identity of the mail sender is unknown, and the mail is rejected.
Then, the process returns to S11. Also, when an e-mail is desired to be sent to a person whose e-mail address is not disclosed on the bulletin board, the mail can be transmitted by F-mail having a function of transferring the e-mail using the bulletin board as a medium.

If it is determined in step S18 that the received mail is not a correction / deletion of the content of the message posted on the bulletin board, the flow advances to step S23 to check whether the received mail is an F-mail. If it is determined in step S24 that the entered confirmation key is correct, the process advances to step S25 to transfer the F-mail to the origin of the message posted on the bulletin board. At this time, the sender's mail address is not displayed in the F-mail.

If the entered confirmation key is incorrect in S24, the process proceeds to S17, where it is determined that the identity of the sender of the F-mail is unknown, and the F-mail is rejected. Then, the process returns to S11. By authenticating the confirmation key generated from the e-mail address in this way, it is possible to prevent a third party from slandering or slandering the individual on the bulletin board, and to arbitrarily correct the content of the statement posted on the bulletin board. Or deletion.

FIG. 6 is a flowchart showing the procedure of the authentication process. As shown in FIG. 6, the server 15
In S31, it is checked whether a mail address has been input. If there is an input of a mail address in S31, the process proceeds to S32, and the input mail address is read. Subsequently, in S33, a set value (arbitrary value) in a script set in advance by the administrator of the homepage or the bulletin board is read.

At step S34, the file ID of the electronic mail received is determined. Then, in S35, the server 15
I of the file unique to the server 15 used by the server
D, and further reads an arbitrary set value set by the administrator of the homepage or the bulletin board, and generates a random number from the file ID and the set value. Further, the process proceeds to S36, where a confirmation key is generated based on the random numbers generated from the above three data. Then, in S37, a confirmation key composed of a password character string is output to the sender of the input mail address.

As described above, every time a mail address is input, a random number is taken in a set number of times, and a character code according to the taken-in random number is added to create a password character string serving as a confirmation key. The key will be sent to the sender. Therefore, every time a message or a message is corrected or deleted on the bulletin board, a different confirmation key is checked for correctness, and the identity of the speaker can be confirmed by confirming the mail address.

Thus, it is possible to prevent a third party who browsed the bulletin board from posting a malicious comment on the bulletin board without inputting an e-mail address, and to arbitrarily correct the comments of others posted on the bulletin board. Can be prevented from being deleted,
It can protect personal honor and privacy. FIG. 7 is a flowchart showing the processing procedure of the comment processing.

As shown in FIG. 7, the server 15
At 41, it is checked whether it is a new statement. S
If the message is a new message at 41, the process proceeds to S42, where the mail address and the authentication key are confirmed. If it is confirmed in S42 that the confirmation key composed of the mail address and the password character string is correct, the process proceeds to S43, and the message is posted on the bulletin board.

If it is determined in step S41 that the message is not a new message, the flow advances to step S44 to check whether the message posted on the bulletin board has been corrected or deleted. If the comment is to be corrected or deleted in S44, the process proceeds to S45, where the entered authentication key is confirmed. If the authentication key is confirmed in S45, the process proceeds to S46, in which the message posted on the bulletin board is corrected or deleted.

If the e-mail address and the authentication key are incorrect in S42 and S45, the process proceeds to S47, and
Judge that the identity of the person entered is unknown and reject the mail. As described above, when speaking on the bulletin board or correcting or deleting a message posted on the bulletin board, the authentication key is checked in advance, so that a third party can pretend to be another person and speak on the bulletin board or have an unknown identity. It is possible to prevent a third party from arbitrarily modifying or deleting another person's statement. Therefore,
It is possible to exclude a statement relating to a crime or a statement that violates personal honor and privacy on a bulletin board.

FIG. 8 is a flowchart showing the processing procedure of the F-mail processing. As shown in FIG. 8, in S51, a speaker who has made a comment on a bulletin board as a transmission destination is designated. In the next S52, a confirmation key composed of a password character string is confirmed. If it is confirmed in step S52 that the confirmation key is correct, the flow advances to step S53 to transfer the F-mail to the designated speaker.

When the confirmation key is confirmed in S52, the process proceeds to S54, in which it is determined that the identity of the sender of the F-mail is unknown, and the mail transfer is refused. Only the message and the name of the speaker are posted on the bulletin board, and the confirmation key is not posted. However, even in the situation where the address of the speaker posted on the bulletin board is unknown, the message can be transmitted to the speaker by specifying the transmission destination by F-mail.

As described above, since the bulletin board administrator can surely identify the user by authenticating the confirmation key, he can pay attention to a person who makes an undesired comment and excludes such a speaker. You can also. Further, since the bulletin board administrator can perform processing so as not to give a confirmation key to a person who makes an unpleasant utterance, the utterance on the bulletin board can be properly managed.

In the above-described embodiment, a case where a message is made on a bulletin board established on the Internet and a case where a posted message is corrected or deleted are given as examples. However, the present invention is not limited to this. It is needless to say that the present invention can be applied to the data transmission / reception system. For example, the above-mentioned file ID set on the host computer side,
If an arbitrary set value is shared on the set network, terminals in the network can also authenticate the identity of the caller.

The above-described authentication system can be applied to the transmission and reception of information relating to a commercial transaction requiring identification, or the transmission and reception of information relating to the buying and selling of stocks and the information relating to the trading of foreign exchange.

[0051]

As described above, according to the first aspect of the present invention, the authentication means creates a random number array based on the data specified on the receiving side, and generates a character string indicating the address of the transmission source and the random number array. Therefore, the authentication key can be generated relatively easily, and the authentication key can be prevented from being stolen by a third party.

According to the second aspect of the present invention, the authentication unit transmits the authentication key generated by the authentication key generation unit to the address of the transmission source. By inputting, the sender can be authenticated accurately and in a short time. According to the third aspect of the present invention,
The sender can be confirmed by comparing the authentication key sent from the sender with the authentication key generated by the authentication key generator. If the authentication keys do not match, the identity of the sender becomes unknown. , Can refuse to receive information. for that reason,
Preventing the disclosure of the identity of the speaker on the network is prevented.
Alternatively, a statement that slanders or defames an individual can be eliminated beforehand, and order and fairness on a network can be maintained.

According to the fourth aspect of the invention, when the authentication key transmitted from the transmission source is confirmed by the authentication key matching means, the information can be stored in the storage unit and the information can be disclosed to a third party. Therefore, if the speaker can use the name of another person to exclude information of malicious content that is related to personal honor or privacy, in the event that personal slander or slander is posted on the network Can immediately take legal action against the speaker.

According to the fifth aspect of the present invention, the first
Is set as a seed of a random number, and a predetermined code is added to the first character array based on the random number to generate a second character array and use it as an authentication key.
It is possible to further enhance the confidentiality of the authentication key and the reliability of the authentication key generated by performing the above operation. According to the invention described in claim 6, a random number array is created based on the data specified on the receiving side in the same manner as in claim 1, and based on the character string indicating the address of the transmission source and the random number array. Since the means for generating the authentication key is stored in the storage medium, the authentication key can be easily generated and the authentication key can be prevented from being stolen by a third party.

[Brief description of the drawings]

FIG. 1 is a conceptual diagram of a communication network to which an embodiment of an authentication system according to the present invention is applied. It is a conceptual diagram of a homepage established on the Internet.

FIG. 2 is a conceptual diagram showing a homepage established on the Internet.

FIG. 3 is a process chart showing a confirmation key creation process.

FIG. 4 is a process diagram showing a process of authentication.

FIG. 5 is a flowchart of a main communication process executed by a server 15 of each of the providers A to F.

FIG. 6 is a flowchart illustrating a processing procedure of an authentication process.

FIG. 7 is a flowchart illustrating a processing procedure of a comment process;

FIG. 8 is a flowchart showing a processing procedure of F-mail processing.

[Explanation of symbols]

11 _{1 to} 11 _n Personal computer 13 _{1 to} 13 _n Public line 15 a to 15 f Server 17 Network 19 Home page

 ──────────────────────────────────────────────────続 き Continuing on the front page F term (reference) LL03

Claims (6)

[Claims] When an external communication request is received, an address of the transmission source is confirmed, and when authentication is obtained, an authentication system that receives the transmitted information, based on data specified on the receiving side. Random number generating means for generating a random number array, an authentication key generating means for generating an authentication key based on a character string indicating the address of the source and the random number array generated by the random number generating means, An authentication unit for confirming the authentication key issued by the authentication key generation unit when receiving the received information. 2. The authentication system according to claim 1, wherein said authentication means includes an authentication key transmitting means for transmitting an authentication key generated by said authentication key generating means to said source address. An authentication system, characterized in that: 3. The authentication system according to claim 1, wherein the authentication unit collates an authentication key transmitted from the transmission source with an authentication key generated by the authentication key generation unit. An authentication system comprising means. 4. The authentication system according to claim 3, wherein the authentication unit stores the information in the storage unit when the authentication key transmitted from the transmission source is confirmed by the authentication key matching unit. An authentication system wherein the information is stored so that the information can be disclosed to a third party. 5. The authentication system according to claim 1, wherein the authentication key generation unit obtains a first key from a combination of a character string indicating a source address and a random number array generated by the random number generation unit. First character array generation means for generating a character array, random number setting means for setting the first character array generated by the first character array generation means as a random number seed, and setting by the random number setting means And a second character array generating means for adding a predetermined code to the first character array based on the random number to generate a second character array. 6. A random number generating means for generating a random number array based on data specified on the receiving side, and authenticating based on a character string indicating the address of the transmission source and the random number array generated by the random number generating means. Authentication key generation means for generating a key; and authentication means for confirming the authentication key issued by the authentication key generation means when receiving the information transmitted from the outside. Storage medium.