JP2001144749A - Method and system for specifying user concerned and recording medium with user specifying program recorded thereon in network - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a user specifying method and a device, and a recording medium where a user specifying program is recorded in a network which can authenticate the specification of the network user. SOLUTION: This system is provided with a telephone number managing means which forms credit information on the basis of an identification ID by a telephones number from a communication terminal connected to a public network and outputs and credit information and a connection control means which is provided between the public network and a computer network and controls connection between the networks according to the credit information.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method and system for identifying a person in a network and a recording medium on which a program for identifying a person is recorded, which enables the communication partner on the network to be identified as a person who exists in the real world. Things.

[0002]

2. Description of the Related Art Heretofore, as an identification ID for specifying a communication partner, for example, in the Internet network, a virtual ID set like a mail address on a computer network has been used. It is difficult to identify the actual person only online, unless the individual is required to present a registered copy, family register, license, etc. There was no reliable certification as to whether or not to do so.

[0003] Further, since the computer network and the public network use completely different communication procedures, the means of identification on the networks are also different, so that both networks have poor convergence and affinity.
The public network has only been used as a mere undercarriage communication line.

In a public key cryptosystem used for securely transmitting information in a computer network, a key used for encryption and a key used for decryption are different, and a communication source is owned by a communication destination which is a communication partner. Using a public key to encrypt
The communication destination decrypts the cipher text using the private key held by itself. Therefore, a digital certificate for certifying that the owner of the public key disclosed by the communication partner is the true communication partner is required.

[0005]

However, conventionally,
As an identification ID for linking a public key and its owner, an online ID, such as a mail address, must be virtually set on a wide area computer network. For this reason, the proof of the real key owner was not available, except for the case where a copy of the registry, family register, license, etc. was requested offline depending on the situation. That is, although information leakage and tampering during communication can be prevented by employing encrypted communication, it has not been possible to prove whether or not the communicating party exists in the real world.

When a public network is used to connect to a wide area computer network such as the Internet network, a computer is used to input an identification ID and a password to prove whether or not the user is a connectable computer user. As a result, reliable authentication of whether or not a real person really exists in the real world has not been performed, nor has it been possible.

SUMMARY OF THE INVENTION The present invention has been made in view of the above problems, and provides a method and system for identifying a user in a network capable of authenticating the identity of a user of the network on-line, and a recording medium recording a program for identifying the user. The purpose is to do.

[0008]

In order to achieve the above-mentioned object, the invention according to claim 1 of the present invention is a method for identifying a user of a network on a network by a communication connected to the network. The gist is that it is performed using the telephone number from the terminal.

According to a second aspect of the present invention, credit information for identifying a user of the public network is formed based on an identification ID based on a telephone number from a communication terminal connected to the public network, and the credit information is formed. The gist of the invention is to have a telephone number management means for outputting and a connection control means provided between the public network and the computer network for controlling connection between these networks according to the credit information.

According to a third aspect of the present invention, the identification ID according to the second aspect is a telephone number confirmed by calling back based on a telephone number notified from a public network or a telephone number notified from a communication terminal. The gist is to have any of the numbers.

According to a fourth aspect of the present invention, the telephone number management means according to the second aspect includes a personal identification means for determining personality based on the identification ID, and a certificate in accordance with a notification from the personal identification means. The point is to have a certificate issuing means for issuing.

According to a fifth aspect of the present invention, the telephone number management means according to the second or fourth aspect stores at least one of a name, an address, a card number, and an e-mail address in association with the identification ID. The gist is to have a database to perform.

According to a sixth aspect of the present invention, there is provided a computer-readable recording medium wherein a user of the network is identified by a telephone number from a communication terminal connected to the network. It is the gist that the personal identification program in was recorded.

[0014]

Embodiments of the present invention will be described below with reference to the drawings.

FIG. 1 is a block diagram showing a schematic configuration of a system to which the present invention is applied. In FIG. 1, a communication terminal 9 is connected via a public network 7 to a wide area computer network 1 such as the Internet. A connection control unit 5 is provided between the public network 7 and the wide area computer network 1, and the authentication center 3 is connected to the connection control unit 5.

The authentication center 3 has a communication control system 31 for controlling communication between the public network 7 and the wide area computer network 1 via the connection control unit 5 and a communication terminal 9 connected to the public network 7. A personal control system 33 that determines the identity based on the identification ID based on the telephone number of the user and specifies the identity, and a certificate issuance that issues a certificate based on the verification result of the identity notified from the identity control system 33. It is constituted by a system 35.

The connection control unit 5 also controls the wide area computer network 1 according to a control instruction of the communication control unit 31 of the authentication center 3.
And a connection between the public network 7 and the public network 7.

A network is constituted by a network including the public network 7 and the wide area computer network 1. The public network 7 includes a telephone network, a data communication network such as a packet switching network, and a network including an ISDN. And The telephone numbers input from the communication terminal 9 include 1, 2,.
In addition to 9,0, # and * provided in a normal push-type telephone can be used as appropriate.

Next, the operation of the present embodiment will be described by taking as an example the case of connecting to the wide area computer network 1 via the public network 7.

First, a modem or TA (Terminal)
A dial is performed by a communication terminal 9 such as an adapter, and a connection is made to a connection control unit 5 such as a host computer with a modem (or a communication control device such as a dial-up router) 15 connected to the network via a telephone line.
The public network 7 obtains the caller's telephone number on the receiving side by using a caller number notification service of notifying the caller of the caller's telephone number before the call starts, and uses the telephone number as an identification ID described later. Inquires the personal identification information database and performs personal identification authentication.

In this case, a caller telephone number notification service for notifying the called party of the calling party's telephone number, which is an additional function in the basic services of the ISDN service and the mobile phone service and the analog phone service, before starting the communication. Is not limited to the telephone number notified from the public network 7, and a telephone number confirmed by callback based on the telephone number notified from the communication terminal may be used.

Further, after the personal identification authentication is performed, permission / rejection of the connection to the wide area computer network 1 is performed before the telephone communication connection is established. When a digital certificate is issued, after the authentication is completed, a certificate issuance request is made to the certificate issuing system 35 using the telephone number of the sender as an identification ID, and a digital certificate of a public key is issued.

Next, the configuration of the present system will be described in detail with reference to FIG. In FIG. 2, a computer with a modem 19 as a communication terminal is connected to the wide area computer network 1 via the public network 7. A host computer with a modem (or a communication control device such as a dial-up router) 15 as a connection control unit is provided between the public network 7 and the wide area computer network 1. 13 is connected. A plurality of arbitrary communication terminals are connected to the public network 7 as appropriate.

A public network-wide area computer network communication control system 131 and a personal control system 133 shown in FIG.
The digital certificate issuing system 135 corresponds to the communication control system 31, the principal control system 33, and the certificate issuing system 35 shown in FIG. 1, respectively, and is provided in the authentication center 13.

The public network / wide area computer network communication control system 131 controls communication between the public network 7 and the wide area computer network 1 via the host computer 15 with a modem. Further, the personal control system 133 stores auxiliary programs (1), (2), (3), (4), and (5). Accordingly, the personal control system 133 determines the personality based on the identification ID based on the telephone number from the communication terminal 9 connected to the public network 7 by executing the auxiliary programs (1) to (5). And identify himself. These auxiliary programs (1), (2), (3) are integrated by the transaction management system 137.

The digital certificate issuing system 135 includes:
A digital certificate as credit information as shown in FIG. 8 described later is issued based on the verification result of the personality notified from the personal control system 133.

Further, a database 139 is provided in the authentication center 3. The database 139 has identification ID data 139 a based on telephone numbers and personal identification data 1.
39b and the ID conversion data 139c.

The identification ID data 139a is data based on the telephone number, and the personal identification data 139b is for identifying the person from the calling party's telephone number transmitted together with the called party's telephone number. ID data
The conversion data 139c is data having a table for converting a telephone number into data (for example, an account number) corresponding to a personal identification inquiry destination.

The host computer with modem 15 is provided with an identification ID communication buffering system 151. This identification ID communication buffering system 15
Reference numeral 1 denotes a buffer for matching between the public network 7 having a constant communication speed and the wide area computer network 1 having an unfixed communication speed.

Hereinafter, the operation of the present embodiment will be described in detail with reference to FIGS.

Here, a case will be described in which the computer 19 with a modem is used to access the public network 7 and connect to the wide area computer network 1.

First, a call is made from the modem-equipped computer 19 to the modem-equipped host computer 15, and a telephone communication connection is attempted. The public network 7 connects the modem-equipped computer 19 before the incoming call is made to the modem-equipped host computer 15.
Notifies the telephone number (caller telephone number) of the telephone line used for calling (step S11).

In step S13, when the caller's telephone number is notified, the host computer with modem 15 sends the notified caller's telephone number to the personal identification system 1 via the public network-wide area computer network communication control system 131.
Pass to 33. The personal identification system 133 activates the auxiliary programs (1) to (5) shown in FIG.

In the auxiliary program (1), an inquiry is made to the database 139 using the telephone number as the identification ID (step S15), and the received telephone number is identified by the identification I.
The personal identification data 139b is searched as D, the presence or absence of matching data is confirmed, and the personal identification authentication is performed (step S).
17). The authentication result is stored in the database 139 and, at the same time, passed to the auxiliary program (2) (step S19).

In the auxiliary program (2) shown in FIG. 4, this authentication result is received from the auxiliary program (1) (step S21), and additional information (such as a password) is received from the computer 19 with a modem. To store. These pieces of information may be used from other programs and systems that can connect to the database 139.

When the communication control to the wide area computer network 1 is performed, the authentication result is passed from the auxiliary program (2) to the public network-wide area computer network communication control system 131. The host computer with modem 15 permits communication from the public network 7 to the wide area computer network 1 and proceeds to step S27. If the authentication fails, the process proceeds to step S25 to reject the connection.

On the other hand, in step S23, the public network 7
When the communication from the computer to the wide area computer network 1 is permitted, the address and the host name which are the identification IDs used in the wide area computer network 1 are changed to the host computer 15 with modem.
From.

The information such as the assigned address and host name is stored in the database 139 associated with the telephone number by the auxiliary program (2) (step S29).

These data are searched by the auxiliary program (4) shown in FIG. 6 by the identification ID or the address / host name in the database (step S43), and when there is conversion data, conversion is performed (step S4).
5, 49), which is used for personal identification from the wide area computer network 1 side and for controlling computer communication from the wide area computer network 1 to the public network 7.

In the mutual communication between the wide area computer network 1 and the public network 7, communication data is buffered by the identification ID communication buffering system 151, and if the communication procedure is not guaranteed on the wide area computer network 1, the public The difference in the communication procedure with the network 7 is absorbed.

In particular, when transmitting / receiving datagrams by dividing fixed-length datagrams, the auxiliary program (5) shown in FIG. 7 monitors the telephone communication connection (step S51) and temporarily stores data in addition to buffering. Stores to ensure delivery of fixed-length datagrams, with or without telephony connections.

When a digital certificate is issued based on the identification ID, the authentication result and the identification ID are passed from the auxiliary program (1) to the auxiliary program (3) shown in FIG. 5 (step S31), and the auxiliary program is executed. (3) is the identification ID
If the personal identification authentication by the user has succeeded (step S33), a certificate issuance request is made to the digital certificate issuing system 135 based on the identification ID (step S3).
5).

The digital certificate "Seri"
al Number "or" Subject Na
The information of the identification ID is stored in "me" and transmitted to the computer with modem 19 by the auxiliary program (3) (step S37).

Next, an example of a public key digital certificate will be described with reference to FIG. The public key digital certificate shown in FIG. 509, which are specified in “Version Number” in order from the top.
r; Certificate version (V1 ;, V2 ;, V3;) "
"Serial Number; certificate serial number""IssuerName; information on certificate issuing authority""Validity; certificate expiration date""Sub"
project Name; information of the user certified by the certificate "
"Public Key; Public Key Information""Exten
areas; extended area "" Digital Signa
cure; digital signature (for content tampering check) "is described. Among these, "Serial Numb"
“er” and “Subject Name” are unique for each certificate determined by the issuing authority.

That is, in the present embodiment, when a certificate is issued using a telephone number as an ID, these "Se
real Number "and" Subject Nam "
e) or both of them can be used as the identification ID (telephone number).

Next, with reference to FIGS. 9 and 10, identification of a person by telephone number when using a service that requires identification of the person will be described more specifically. FIG. 9 is a diagram for explaining authentication / credit when identifying a person with a telephone number, and FIG. 10 is a diagram for explaining conversion of a telephone number into personal identification data.

First, referring to FIG. 9, when a communication terminal such as a personal computer of a user accesses a wide-area computer network 1 such as the Internet network by wire or wirelessly, an administrative institution / Government offices, two types of telecommunications carriers (ISP (Internet Service P
provider), a virtual shop, or a financial institution (card company, bank, post office, etc.).

In other words, when the user wants to enjoy shopping, he / she should go to the virtual shop, if he wants to go banking, to a financial institution, and if he wants to view / change his / her resident information, to the government agency / government. When a connection is to be made, the ISP is accessed. At this time, all accesses are made by telephone numbers.

For example, when the user connects to the wide area computer network 1 through a telephone number management center functioning as an authentication center and makes a shopping using a so-called credit card in a virtual shop, the virtual shop and the card company use the telephone number as an ID. An authentication / credit inquiry is made to the telephone number management center, which is an authentication agency service organization, to identify the user. Note that, as the telephone number management center, NTT and other telephone carriers that can provide an authentication service are usually targeted.

Next, referring to FIG. 10, the telephone number management center stores personal identification data, which is data for identifying a person, and identification ID data by telephone number in a database in association with each other. . The personal identification data includes the name and address of the person, the card number of each card company, the account number of each bank and post office, the license number of the license,
Insurance card number, email address, URL for each insurance policy
(Home address) is stored.

Referring to the personal identification data stored in the database from the input telephone number, for example, a license number and an insurance card number for an administrative organization and a government office, an e-mail address and a URL for an ISP. , The name and address of the person, the card number to the card company, and the account number to the bank.

In this case, the telephone number management center sends the data relating to the shipping of the product such as the name / address and telephone number of the person to the virtual shop, and sends a debit message of the amount of the purchase to the card company. Notify the card number and thereby give credit.

Such identification is realized by an identification program, which is widely provided by being recorded on a computer-readable recording medium.

Hereinafter, the personal identification program will be specifically described.

(1) Processing on a computer installed between a digital certificate issuing system and a receiving device (dial-up router or modem-equipped host computer) capable of receiving a caller telephone number connected to a public network A program that receives a caller's telephone number from a receiving device that can receive the caller's telephone number, queries the personal identification information database using the caller's telephone number as an identification ID, and performs a series of transactions such as authentication success / failure. Is controlled.

(2) Processing on a computer installed between a digital certificate issuing system and a receiving device (dial-up router or modem-equipped host computer) that can receive a caller telephone number connected to a public network A program that receives a caller telephone number from a receiving device that can receive the caller telephone number, queries the database as the ID of the caller telephone number as an identification ID, and after completion of authentication, controls connection to a wide area computer network. It is a program characterized by performing.

(3) Processing on a computer installed between a digital certificate issuing system and a receiving device (dial-up router or host computer with a modem) that can receive a caller telephone number connected to a public network The program receives a caller's telephone number from a receiving device that can receive the caller's telephone number, inquires the caller's telephone number as an identification ID to a database, and issues an issuance request to a public key digital certificate issuing application. This is a program that controls a series of transactions.

(4) A telephone number is associated with an address or a host name, identification ID conversion of a wide area computer network and a public network is performed based on information stored in a database, and personal identification authentication and communication control are performed. It is a program to be.

(5) A program for monitoring communication between a wide area computer network and a public network by ID conversion, and buffering communication data or storing it in an external storage device depending on the presence or absence of a telephone connection.

As described above, according to the present embodiment, on-line information communication on the wide-area computer network is provided with a connection with the real world, and communication between the wide-area computer network and the public network having different communication procedures is provided. Affinity and fusibility can be increased.

That is, in a public key cryptosystem used to prevent spoofing and interception of communication in a wide area computer network, when assuring a connection between a public key owner and a public key, which is a subject of communication, by a digital certificate,
It is possible to identify the owner of the public key as existing in the real world.

For communications that require high-strength encryption, it is of course necessary to be able to authenticate and prove that the communication partner exists in the real world.
Even in such a case, the convenience of the wide area computer network can be obtained without prior presentation of a certificate valid in the real world such as a registered copy or a license for information on the owner of the public key certified by the digital certificate. It is possible to perform authentication and certification online by taking advantage of nature and immediacy.

Further, the fusion of the public network and the wide area computer network, which are the undercarriage of communication that spreads to each home, is enhanced, which contributes to the development of the information communication field.

[0064]

As described above, according to the method of the present invention, the public key encryption communication on the wide area computer network authenticates and proves that the owner of the public key actually exists as a line subscriber. It is possible to communicate important contents where reliability and security are indispensable. Further, by controlling the connection using the telephone number as the identification ID, the integration of the public network and the wide area computer network becomes easy.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a schematic configuration of a system to which the present invention is applied.

FIG. 2 is a block diagram showing a schematic configuration of an embodiment according to the present invention.

FIG. 3 is a flowchart illustrating a processing procedure in an auxiliary program (1).

FIG. 4 is a flowchart illustrating a processing procedure in an auxiliary program (2).

FIG. 5 is a flowchart illustrating a processing procedure in an auxiliary program (3).

FIG. 6 is a flowchart illustrating a processing procedure in an auxiliary program (4).

FIG. 7 is a flowchart illustrating a processing procedure in an auxiliary program (5).

FIG. 8 is a diagram illustrating an example of a public key digital certificate.

FIG. 9 is a diagram for explaining authentication / credit when identifying a person with a telephone number.

FIG. 10 is a diagram for explaining conversion of a telephone number to personal identification data when personal identification is performed using a telephone number.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 Wide-area computer network 3 Authentication center 5 Connection control part 7 Public network 9 Communication terminal 13 Authentication center 15 Host computer with modem (dial-up router) 19 Computer with modem 31 Communication control system 33 Identification system 35 Certificate issuing system

──────────────────────────────────────────────────の Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04M 11/00 302 G06F 15/30 330 5K101 9A001 (72) Inventor Seiji Saikawa Babacho, Chuo-ku, Osaka-shi, Osaka No. 3-15 West Japan Nippon Telegraph and Telephone Co., Ltd. (72) Inventor Takuhiro Kurosumi 3-15 West Japan Telegraph and Telephone Co., Ltd. 3-15 Babacho, Chuo-ku, Osaka, Osaka (72) Inventor Taku Mashiki Osaka, Osaka 3-15 Babacho, Chuo-ku, Nishi-Nippon Telegraph and Telephone Co., Ltd. (72) Inventor Motoshi Ibuki 3-15 Babacho, Chuo-ku, Osaka-shi, Osaka F-term in Nippon Telegraph and Telephone Co., Ltd. (Reference) 5B049 AA05 DD05 EE05 EE09 EE23 EE56 FF09 GG02 GG04 GG07 GG10 5B055 CC10 EE03 EE17 EE21 EE27 HB06 KK01 KK19 PA05 PA34 PA36 5B085 AA08 AE02 AE04 AE09 AE23 BA07 BE07 BG04 BG07 104 AA07 BA01 KA01 KA02 NA05 NA27 PA07 5K024 AA62 AA71 AA76 BB04 CC09 DD01 DD04 EE06 FF03 GG01 GG05 5K101 KK16 KK20 LL02 MM04 MM05 MM07 NN03 NN18 NN21 NN25 NN02 TT02 UU07 NN03 NN03 NN03 NN03 NN03 NN03

Claims (6)

[Claims] 1. A personal identification method in a network, comprising: identifying a user of the network on the network by a telephone number from a communication terminal connected to the network. 2. A telephone number management means for forming credit information for identifying a user of the public network based on an identification ID based on a telephone number from a communication terminal connected to the public network, and outputting the credit information. And a connection control means provided between the public network and the computer network for controlling connection between these networks according to the credit information. 3. The identification ID is one of a telephone number notified from a public network and a telephone number confirmed by calling back based on a telephone number notified from a communication terminal. A personal identification system in the network according to claim 2. 4. The telephone number management means includes:
3. The personal identification system in a network according to claim 2, comprising: a personal identification unit that determines the personality based on the personal identification information; and a certificate issuing unit that issues a certificate according to a notification from the personal identification unit. 5. The telephone number management means, wherein:
The personal identification system in a network according to claim 2 or 4, further comprising a database that stores at least one of a name, an address, a card number, and an e-mail address in correspondence with the system. 6. A computer-readable recording medium recording a personal identification program in a network, wherein identification of a user of the network on the network is performed by a telephone number from a communication terminal connected to the network. .