JP2001282998A - Service system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a service system which can prevent illegal use. SOLUTION: When the supply of the service of a service supply device 29 is received by a portable telephone set 28, the portable telephone set 28 transmits the use request of a desired service content and information on a service level which is made to correspond to it to a user certification device 23 through the Internet 36. The user certification device 23 receiving the information decides a necessary certification key by an evaluation table 25 based on the service level and the IP address of a transmission source and requests the transmission of the certification key to the portable telephone set 28. When the certification key can be obtained, the user certification device 23 certifies a user and transmits the result to the service supply device 29. The service supply device 29 supplies service to the portable telephone set 28.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a service system for providing services using a network such as the Internet, and more particularly to user authentication.

[0002]

2. Description of the Related Art FIG. 1 shows a conventional service system using the Internet. The personal computer 100 and the mobile phone 108 that can use the Internet
It is a user terminal. Personal computer 100
Are connected to the user authentication device 118 via the telephone network 102, the conversion device 104, and the Internet 116, or directly to the user authentication device 118 via the telephone network 106.
May be connected to The mobile phone 108 is a telephone network 1
10 and the user authentication device 118 via the conversion device 112 and the Internet 116, or directly to the user authentication device 118 via the telephone network 114. In this case, whether or not the Internet 116 is used as a communication path is determined by a destination telephone number or the like used when the user of the user terminal receives user authentication.

[0003] A user authentication device 118 and a service providing device 120 are connected to the Internet 116, respectively.
0 is connected to the LAN 122.

When a user terminal uses a service provided by the service providing apparatus 120, it is necessary to transmit an authentication key for specifying the user. Therefore, the user terminal transmits the authentication key to the user authentication device 118. Then, the user authentication device 118 receiving the authentication key,
The user authentication is performed, and after the authentication is completed, the service providing apparatus 120 provides the service to the user terminal. That is, the user authentication device 118 rejects user authentication if the authentication key sent from the user terminal is not authentic, and permits service use if the authentication key is authentic.

At this time, the service contents may be changed depending on whether or not there is an authentication key, but if the same authentication key is transmitted, the same service contents (for example, It has been practiced to provide a service of a transaction amount limit in banking).

[0006]

However, the conventional service system has the following problems.

As described above, there are various specifications of a user terminal such as a personal computer and a mobile phone which can use the Internet, and there are various types of networks used by the user terminal. In a so-called multi-device environment, malicious users
Unauthorized use by impersonation, such as illegally acquiring or falsifying an authentication key transmitted by those user terminals on a network, may be performed.

[0008] Here, the degree of difficulty of illegally obtaining or falsifying the authentication key of another person on the network differs depending on the type of the user terminal and the type of the network. For example, even if the same authentication key is used, if only a dedicated line is used as a route, there is no possibility that the authentication key will be illegally acquired by a third party because it is a closed line, If the Internet is used as a route, there is a possibility that third parties will obtain the information.

[0009] Then, a malicious user who obtains an authentication key flowing on the Internet by a personal computer or the like having an unauthorized program operates the personal computer or the like to impersonate a legitimate user and authenticate the user. Unauthorized use, such as accessing a device and receiving a service, is performed.

Therefore, providing the same service content to these user terminals even though the same authentication key is used causes a problem. In particular, in the case of service contents with a high service level (for example, a high-value transfer in Internet banking), a user who has been illegally used must pay a fee even though he has not received the service. There is a problem that there is a concern that this will not happen.

[0011] The above situation is concerned as a factor that hinders the development of a system for providing services using the Internet.

The present invention has been made in view of the above-described problems,
An object of the present invention is to provide a service system capable of performing more reliable user authentication.

[0013]

Means for Solving the Problems and Effects of the Invention (1)
A service system according to the present invention is a service system including a terminal device communicably connected to each other via a communication path, a user authentication device, and a service providing device including at least one or more service types. A terminal device, a desired service type information transmitting unit for transmitting desired service type information to the user authentication device, a user information transmitting unit for transmitting user information to the user authentication device, Authentication information transmitting means for transmitting information to the user authentication device, wherein the user authentication device determines the type of authentication information required for user authentication of the terminal device by the desired service type information. A terminal for transmitting authentication information determined by the authentication information determining unit based on the type of the user information or a combination thereof; Authentication information requesting means for requesting the device, user authentication means for performing user authentication based on the authentication information transmitted by the authentication information transmission means of the terminal device, and user authentication obtained by the user authentication means. User authentication result transmitting means for transmitting a result to the service providing device, wherein the service providing device provides a service to the terminal device in response to the user authentication result transmitted from the user authenticating device. Service providing means.

Thus, the terminal device can receive the service by transmitting only the minimum necessary authentication information corresponding to the desired service type. Therefore, when the user transmits the identification information, Operation is simplified.

In addition, not only when the provision of different types of service is requested from various terminal devices but also when the provision of the same type of service is requested, depending on the type of user information of the terminal device. Since the required authentication information may be different, it is possible to prevent unauthorized use by a third party who does not have the proper authentication information.

That is, according to the service system of the present invention, it is possible to prevent a certain type of service from being illegally used even in an environment where a plurality of terminal devices and a plurality of communication paths having different specifications exist.

(2) A service system according to the present invention comprises: a terminal device communicably connected to each other via a communication path;
A service system comprising: a user authentication device; and a service providing device including at least one or more types of services, wherein the terminal device transmits user information to the user authentication device. And authentication information transmitting means for transmitting authentication information to the user authentication device,
The user authentication device performs user authentication based on the user information and determines the type of service provided by the service providing device to the terminal device by determining the type of the user information or the type of the authentication information or An authentication service type determining unit that performs based on a combination of the authentication service type determining unit and an authentication service type information transmitting unit that transmits information of the authentication service type determined by the authentication service type determining unit to the service providing device. Service providing means for providing a service to a terminal device based on the authentication service type information transmitted from the user authentication device.

Thus, not only the difference in the authentication information,
The type of service is determined by judging even the difference in the type of user information.

Therefore, if the authentication information is transmitted from the type of the terminal device or the type of the communication channel in which the user authentication or the like may be performed by illegally acquiring the authentication information of another person, the service is not provided. The service provision can be limited by restricting the type of the authentication information, and a legitimate user who has illegally used the authentication information by a third party does not suffer unexpected damage.

(3) The type of user information according to the present invention is characterized in that it is classified based on the type of terminal device, the type of communication path, or a combination thereof.

Thus, even in an environment where a plurality of terminal devices having different specifications coexist, it is easy to standardize and unify the required authentication information.

(4) The user authentication device according to the present invention is characterized in that the type of the user information of the terminal device is determined based on the IP address.

As a result, standardization and unification of required authentication information is further facilitated. Therefore, even if the type of the terminal device increases, it is possible to quickly and easily perform the setting of the required authentication information and the like.

Here, the IP address is represented by a number or the like which can be easily managed and understood by the computer, so that the processing of the authentication information determining means and the authentication service type determining means can be accelerated.

(5) The user authentication device of the present invention further comprises an authentication information determination table, and the authentication information determination means of the user authentication device refers to the authentication information determination table to obtain the authentication information. Or a service type determination table, wherein the authentication service type determination means of the user authentication device determines the authentication service type by referring to the service type determination table. It is characterized by.

As a result, when the type of the terminal device, the type of the communication path, the type of the authentication information, the type of the service, and the like are changed, the contents of the table may be changed. Therefore, it is possible to quickly and easily set / change the requested authentication information and determine the type of service.

(6) Definition of Terms In the present invention, the term "communication path" refers to a means for communicating with two or more devices, whether wireless or wired, and is open like the Internet. But also LA
N, is a concept that includes closed ones such as telephone networks.
In the embodiment, the Internet 36 and the telephone network 2 in FIG.
2, 26, LAN 27, etc. correspond to this.

[0028] The "terminal device" is a user terminal device on the receiving side of the service, and is a device that can be connected to a network such as the Internet. In the embodiment, the personal computer 20 and the mobile phone 28 in FIG. 2 correspond to this.

In the embodiment, the "service type" corresponds to the concept shown in FIG. 7A, which corresponds to the classification of service contents according to the service level, such as balance inquiry and transfer (up to 30,000 yen). .

"User information" refers to information that determines the type of terminal device, the type of communication channel, or a combination thereof. In the embodiment, this corresponds to an IP address that is an address for uniquely specifying a terminal device on a network.

The "authentication information" is an identifier transmitted from the terminal device to identify the user of the terminal device, and includes a telephone number, an ID, a password, a digital certificate, and the like. In the embodiment, the telephone number and the password in step S25 in FIG. 5 correspond to this.

In the embodiment, the “authentication information determination table” and the “service type determination table” refer to FIG.
Corresponds to the evaluation table.

[0033]

DESCRIPTION OF THE PREFERRED EMBODIMENTS (1) Configuration of an embodiment of a service system An embodiment of a service system according to the present invention will be described with reference to the drawings. FIG. 2 shows a configuration of a service system according to an embodiment of the present invention.

The personal computer 20 and the mobile phone 28 are user terminals. The mobile phone 28 can be used for the Internet, and the personal computer 20 can be used.
Is available on the Internet through a regular telephone dial-up connection or a permanent connection. The personal computer 20 includes a telephone network 22, a conversion device 24,
There are cases where the connection is made to the LAN 27 via the Internet 36 and cases where the connection is made directly to the LAN 27 via the telephone network 26. The mobile phone 28 includes a telephone network 30 and a conversion device 3.
2. There are cases where the connection is made to the LAN 27 via the Internet 36 and cases where the connection is made directly to the LAN 27 via the telephone network 34.

In this case, whether or not the Internet 36 is used as a communication path is determined by a destination telephone number or the like used when the user of the user terminal receives user authentication.

The user authentication device 23 and the service providing device 29 are connected to the LAN 27, respectively.
And both devices are installed in the management center 21.

The converters 24 and 32 are generally operated by a telephone carrier. Further, it is preferable that the management center 21 be operated by a highly public organization such as a telephone communication company or a certified company thereof.

The telephone networks 26 and 34 are not limited to this, and for example, a LAN or a dedicated line may be used. The LAN 27 is connected to the telephone network 26,
Although it is configured to be directly connected to the management center 21, for example, an access server that relays both the LAN 27 and the telephone networks 26 and 34 may be provided in the management center 21. Further, a firewall that relays both the Internet 36 and the LAN 27 is connected to the management center 21.
The security of the network in the management center 21 can be assured by providing it in the management center 21.

(2) Hardware Configuration of Personal Computer 20 and the Like FIG. 3 shows a hardware configuration of the personal computer 20. The personal computer 20 includes a memory 40, a display 42, a communication circuit 44, a keyboard /
Mouse 46, CPU 48, hard disk (recording device) 5
0, a CD-ROM drive 52 is provided. The hard disk 50 stores an operating system (such as Windows 98 by Microsoft Corporation) and a browser program for browsing the web. This browser program is stored in a CD-ROM 54 via a CD-ROM drive 52.
Installed from. The communication circuit 44
This is a circuit for connecting to the Internet 36.

The conversion devices 24 and 32, the user authentication device 23, and the service providing device 29 have the same hardware configuration as that shown in FIG. However, the conversion device 24
And 32, an IP address and a protocol conversion program are recorded on a hard disk. In the user authentication device 23, a user authentication program and an evaluation table as illustrated in FIG. 6 are recorded on a hard disk. In the service providing device 29, a service providing web server program for providing a service is recorded on a hard disk.

(3) Configuration of Mobile Phone 28 FIG. 4 shows a block diagram of the mobile phone 28. As input / output devices, a liquid crystal display 62, a numeric keypad / switch 64, a microphone 66, a speaker (for telephone call) 68, and a speaker (for ringtone) 70 are provided. The audio encoding circuit 74 is a circuit for encoding the audio from the microphone 66 for transmission, decoding the received audio signal, and outputting the decoded audio signal from the speaker 68. The micro-browser 72 is a program recorded in the recording device, and is for browsing data from the service providing web. The wireless communication circuit 76 is a circuit for transmitting or receiving voice or data by wireless communication. The serial data communication circuit 78 is a circuit for performing communication with an external personal computer 84. The memory 80 stores the user's own telephone number, telephone directory, and the like. The control circuit 86 controls these circuits. The battery 82 supplies power to each unit.

(4) The mobile phone 2 according to the first embodiment
Description of Process When Service Provision is Received from FIG. 8 FIG. 5 shows a process when service is received from the mobile phone 28 according to the first embodiment. The service providing device has an internet banking function providing web,
Further, as a premise of this processing, the user of the user terminal needs to undergo user authentication by the user authentication device 23. In this embodiment, an example will be described in which the apparatus is connected to a device in the management center 21 via the telephone network 30, the converter 32, and the Internet 36.

First, the user operates the mobile phone 28 to connect to the service providing device 29 and access the top menu (step S20). Service providing device 29
Transmits a menu screen as shown in FIG. 7A in response to this (step S21). Here, each type of service content in the service providing web of the service providing device 29 is associated with a service level represented by a numerical value of 1 to 9 depending on the content. In the present embodiment, in the menu of FIG. 7A, "latest information" is level 1, "balance inquiry" is level 3, "transfer (up to 30,000 yen)" is level 6, and "transfer (up to 300,000 yen)". "Is set to level 8, and the higher the level, the more reliable the service content that should be for user authentication.

At this time, the converter 32 receives the connection request signal from the mobile phone 28 to the Internet 36.
Performs the protocol conversion of the transmitted signal from the telephone network to the Internet protocol and distributes an IP address to the mobile phone 28, and the IP address uniquely identifies the mobile phone 28 on the network. .

Next, the user selects a desired service content from the menu, and transmits to the user authentication device 23 a use request for the service content and service level information associated with the request. Here, "transfer (up to 30,000 yen)" (level 6) is selected (step S2).
2).

The user authentication device 23 receiving the information
Determines the authentication key required for user authentication for the provision of the level 6 service (step S23). The determination of the authentication key is performed based on an evaluation table as shown in FIG. The evaluation table is provided with columns of an IP address, a service level, and a request authentication key associated therewith. The service level is represented by nine levels, and is recorded while being classified into a certain range of levels. The IP addresses are classified according to the combination of the type of the terminal device and the type of the network through which the terminal device connects to the management center 21.

The reason why such a division can be made by the IP address is that each converter that distributes the IP address is specific to the type of the terminal device to be connected or the type of the network to be connected. Every time there is a request, a free IP address is selected from the pooled IP addresses on that hard disk and distributed.
As a result, this is because the type of the terminal device or the type of the routed network can be determined based on the IP address.

In this embodiment, since the mobile phone 28 is connected via the Internet 36, for example, 123.629.1.5 is distributed as the IP address and the service level 6 is selected. The telephone number and the password are selected as the request authentication key.

Next, the user terminal device 23 requests the portable telephone 28 to transmit the telephone number and the password as the authentication key determined as described above (step S24). In response, the user of the mobile phone 28 inputs a password as shown in FIG. 7B, and the authentication key is transmitted to the user authentication device 23 (step S25). In this case, the telephone number as the authentication key is automatically transmitted.

Upon receiving the authentication key, the user authentication device 23
Based on the authentication key, user authentication for determining whether the user of the mobile phone 28 is a genuine user is performed (step S26), and further, whether the authentication key requested in step S24 has been transmitted or not. The authentication key to determine the authentication is confirmed (step S27). Here, when the user authentication is not performed or the requested authentication key is not transmitted, a notification screen to that effect is transmitted to the mobile phone 28.

When the user authentication and the authentication key are confirmed,
The user authentication device 23 transmits a notification of the authentication confirmation to the service providing device 29 (Step S28). In response to this, the service providing apparatus 29 performs the “transfer (up to 30,000 yen)” service selected by the user of the mobile phone 28 based on the authentication key included in the transmitted authentication confirmation. The user searches for the account number of the user and permits the use of the "transfer (up to 30,000 yen)" service (step S30), and displays a screen as shown in FIG.
To notify the service availability (step S31). As described above, the mobile phone 28
Will use the desired service.

Note that the notification of the authentication confirmation of the user authentication device 23 in step S28 may be transmitted not to the service providing device 29 but to the mobile phone 28. In this case, a notification of the authentication confirmation is transmitted to the service providing apparatus 29 by the redirection from the mobile phone 28 that has received the notification.

(5) Effect of First Embodiment As described above, according to this embodiment, the terminal device transmits only the minimum necessary authentication key corresponding to the desired service level. Since the service can be provided, the operation when the user transmits the authentication key is simplified.

As shown in the evaluation table of FIG.
Not only when the provision of different types of service contents is requested from terminal devices of various specifications, but also when the provision of the same type of service is requested, depending on the type of the terminal device, the authentication key required. May be different, so that unauthorized use by a third party who does not have a proper authentication key can be prevented.

That is, even in a so-called multi-device environment in which a plurality of information terminals and a plurality of networks having different specifications exist, it is possible to prevent unauthorized use of a certain service level.

Here, such unauthorized use includes, for example, impersonation of the user of the mobile phone 28. This is because when a user of the mobile phone 28 who is to be properly authenticated uses a service using the Internet, an authentication key to be transmitted on the Internet 36 is replaced with a personal computer having an unauthorized program. This is performed by a malicious user operating a computer or the like acquiring the information. In other words, in the above case, the malicious user
A phone number and a password as an authentication key flowing on the Internet 36 are obtained and decrypted by an unauthorized program. Then, a malicious user such as a personal computer impersonates the malicious user as if the user uses the obtained authentication key and intrudes into the Internet.

However, even if the unauthorized user attempts to illegally receive the provision of the service contents of the service level 6 by using the telephone number and the password, the IP address distributed by the converter to the personal computer is not changed. Since the personal computer is unique to the personal computer (for example, the IP address is 192.168.1.5), the evaluation table shown in FIG. 6 requires an ID and a digital certificate as an authentication key. That is, the unauthorized user is required to have another authentication key than the unauthorizedly obtained authentication key, and as a result, the user is not authenticated.

As described above, in the present embodiment, as shown in the evaluation table of FIG. 6, the required authentication key is associated with the terminal device type, the network type, and the service level. If access is made from a terminal device type or network type that may be accessed by use, and if the requested service level should be more reliable, the user authentication will be more reliable. It requires an authentication key to be used.

Here, the association of the evaluation tables in FIG. 6 is performed based on the following circumstances. That is, compared to a mobile phone, a personal computer or the like is more likely to be accessed by unauthorized use because there is a possibility that an unauthorized user can change the program. In addition, compared to the telephone network, the Internet is open, and therefore is more likely to be accessed by unauthorized use. Further, comparing with “Latest information (level 1)” and “Balance inquiry (level 3)” in the menu of FIG. 7A, “transfer (up to 30,000 yen) (level 5)” and “transfer (up to 30) (10,000 yen) (level 6) "is due to the situation that user authentication should be performed more reliably.

Therefore, even if the service level is the same, in the case of "personal computer / internet" as compared with the case of "mobile phone / internet", "digital" is used so that user authentication can be performed more reliably. A certificate is additionally required as an authentication key.

In addition, compared to the “Internet”, if the network passed through is the “telephone network”, since the access line is a closed line, the possibility of unauthorized access is low, so that the service level value is high. However, the authentication key may be a simple one (for example, a telephone number).

Note that "cooki" in the evaluation table of FIG.
“e” is a mechanism that stores the success of the previous user authentication in the terminal device or the conversion device.
Since the contents of "e" may be illegally acquired on the Internet and improperly used by spoofing, in the present embodiment, authentication is restricted to service levels 1 to 4. Also, "IC card" Means that the user's information is written in an encrypted form and inserted into the terminal device for use. Like a “digital certificate,” it is unlikely that a third party will guess when comparing with a password. It is difficult, therefore, to authenticate at a higher service level than when using an ID and password.

As described above, the evaluation table according to the present embodiment is classified based on the combination of the terminal device type and the network type. Thereby, even in a so-called multi-device environment where a plurality of terminal devices having different specifications coexist, it becomes easy to standardize and unify the required authentication keys.

Further, the type of the terminal device and the type of the network are determined based on the IP address. This further facilitates standardization and unification of the required authentication keys. Therefore, even if the type of the terminal device increases, it is possible to quickly and easily perform the setting of the required authentication key and the like.

Here, since the IP address is represented by a number or the like that can be easily managed and understood by the computer, the process of determining the required authentication key can be expedited.

Further, the user authentication device 23 determines a necessary authentication key by providing an evaluation table. As a result, when the type of the terminal device, the type of the network, the service level, and the like are changed, the contents of the table may be changed. Therefore, it is possible to set and change the request authentication key and determine the service level quickly and easily.

(6) The mobile phone 2 according to the second embodiment
Description of Process when Service Provision is Received from FIG. 8 FIG. 8 shows a process when service is received from the mobile phone 28 according to the second embodiment. In this case, the configuration of the service system is the same as that shown in FIG.
Also, in the present embodiment, as in the first embodiment, a connection is made to a device in the management center 21 via the telephone network 30, the conversion device 32, and the Internet 36, and the Internet banking function providing web is provided. This will be described with an example of using a service.

However, the difference from the first embodiment is that, in this embodiment, an authentication key is transmitted to the user authentication device 23 in advance before a service to be used by the user of the terminal device is determined. The service level of available service contents is determined based on the authentication key and the IP address distributed to the terminal device.

First, the user operates the mobile phone 28 to connect to the user authentication device 23 and makes a service use request (step S1). In response to this, the user authentication device 23 requests the mobile phone 28 for an authentication key (step S2).

Then, the user of the mobile phone 28 transmits an authentication key to the user authentication device 23 (step S).
3). Here, the password is entered as the authentication key.
Your phone number will be sent automatically. The IP address is also transmitted to the user authentication device 23 in the same manner.

The user authentication device 23 having received the authentication key,
Based on the authentication key, user authentication is performed to determine whether the user of the mobile phone 28 is a genuine user (step S4), and the authentication key is evaluated (step S5).

The evaluation of the authentication key determines the service level of the service contents available to the user of the terminal device that has transmitted the authentication key. This is performed based on the evaluation table illustrated in FIG. 6, but here,
Unlike the first embodiment, the service level corresponding to the combination is determined by determining the column of the IP address and the transmitted authentication key.

The mechanism for the user authentication device 23 to determine what the transmitted authentication key is is, for example, to determine the presence or absence of a digital certificate by an SSL algorithm,
And the presence or absence of a cookie is determined by an HTTP header, and whether or not a telephone number or a password is used is determined by an individual application.

Here, the network via the terminal device is the mobile phone and the Internet, and the transmitted authentication key is the telephone number and the password, so that it is determined that the service level is 6 (step S5).

Then, the user authentication device 23 transmits the evaluation result of the authentication key to the service providing device 29 (step S6), and the service providing device 29 having received the evaluation result from the menu of the net banking service. The service contents corresponding to the service levels 1 to 6 are determined (step S7), and the information is transmitted to the mobile phone 28 as an available service menu (step S8).

At this time, for example, the service providing device 29
Are associated with service levels represented by numerical values of 1 to 9 for each of the service contents, similarly to the first embodiment, and the service contents corresponding to the service levels 1 to 6 are provided. Is the “latest information”
And "Balance Inquiry" and "Transfer (up to 30,000 yen)" are transmitted as a menu screen (step S).
8).

(7) Regarding the Effect of the Second Embodiment As described above, according to the present embodiment, not only the difference in the authentication key but also the difference in the type of the terminal device and the type of the passing network is determined. Service level is determined.
Therefore, when an authentication key is transmitted from a terminal device that is likely to perform user authentication by illegally acquiring another person's authentication key, service provision is limited by limiting the service level. Therefore, a legitimate user who has illegally used the authentication key by a third party does not suffer unexpected damage.

That is, even in a so-called multi-device environment where a plurality of information terminals and a plurality of networks having different specifications exist, it is possible to prevent unauthorized use of a certain service level.

At this time, the service level determined by the evaluation table is determined based on the type of terminal device or the type of network that may be accessed due to unauthorized use, and the lower the service level, the lower the service level. Conversely, if there is little risk of access due to unauthorized use, the service level is set to a higher value.

That is, in the present embodiment, as exemplified in the evaluation table of FIG. 6, for example, even if a mobile phone is used as a terminal device and a telephone number is used as an authentication key, a network passed through the Internet 36 is used.
, The service level is determined to be 1-2, while if the routed network is the telephone network 34, the service level is determined to be 1-9.

The evaluation table of FIG. 6 described in the first and second embodiments is an example, and is not limited to this. In any case, the type of the terminal device and the network And comprehensively determine factors such as the likelihood of the authentication key to be transmitted, such as the type of the service, the contents of the service in the service providing device, and the degree of unauthorized acquisition and forgery of the authentication key, and set the contents of the evaluation table. Is preferred.

In the first and second embodiments, the type of the terminal device and the type of the routed network are determined based on the IP address as the user information. However, the present invention is not limited to this. . For example, a signal is transmitted from the terminal device itself to determine the type of the terminal device or the type of the passing network, and the user authentication device determines the type of the terminal device or the type of the passed network based on the signal. You may make it. Alternatively, the determination may be made based on the trust level of the digital certificate issuer.

[Brief description of the drawings]

FIG. 1 is a diagram showing a conventional service system.

FIG. 2 is a diagram illustrating a service system according to an embodiment of the present invention.

FIG. 3 is a diagram illustrating a hardware configuration of a personal computer as a user terminal.

FIG. 4 is a diagram showing a block diagram of a mobile phone as a user terminal.

FIG. 5 shows a mobile phone 28 according to a first embodiment of the invention.
It is a figure which shows the process at the time of receiving provision of a service from.

FIG. 6 is a diagram showing the contents of an evaluation table.

7A and 7B are diagrams illustrating a display on a liquid crystal display screen of the mobile phone 28, FIG. 7A is a diagram illustrating a menu screen transmitted by the service providing apparatus 29, and FIG. FIG. 7C is a diagram illustrating a screen transmitted by the service providing apparatus 29 as a service availability notification.

FIG. 8 shows a mobile phone 28 according to a second embodiment of the invention.
It is a figure which shows the process at the time of receiving provision of a service from.

[Explanation of symbols]

 Reference Signs List 20 personal computer 28 mobile phone 24, 32 conversion device 23 user authentication device 29 service providing device 21 management center 22, 26, 30, 34,.・ Telephone network 36 ・ ・ ・ Internet 27 ・ ・ ・ LAN 25 ・ ・ ・ Evaluation table

 ──────────────────────────────────────────────────続 き Continued on the front page (72) Inventor Noriyuki Senoo 22 Kyocera Communication System Co., Ltd., 5-5 Higashino Kitanoue-cho, Yamashina-ku, Kyoto-shi, Kyoto (72) Inventor Hiroshi Okubo Hiroshi Higashino-Kita Inoue, Yamashina-ku, Kyoto-shi, Kyoto 5 No. 22 in the town Kyocera Communication System Co., Ltd. F term (reference) 3E040 BA18 CA14 CB01 DA01 EA01 FH01 5B049 AA05 BB46 CC39 EE21 EE23 EE26 EE28 GG02 GG06 GG07 5B055 BB19 EE02 EE03 EE12 HA17 EJ05 507 CE08

Claims (10)

[Claims] 1. A service system comprising: a terminal device communicably connected to each other via a communication path; a user authentication device; and a service providing device including at least one or more service types. The apparatus comprises: a desired service type information transmitting unit for transmitting desired service type information to the user authentication device; a user information transmitting unit for transmitting user information to the user authentication device; Authentication information transmitting means for transmitting to the user authentication device, wherein the user authentication device determines the type of authentication information required for user authentication of the terminal device by the desired service type information or the desired service type information. It is necessary to transmit to the terminal device authentication information determining means based on the type of user information or a combination thereof, and transmission of the authentication information determined by the authentication information determining means. Authentication information requesting means, a user authentication means for performing user authentication based on the authentication information transmitted by the authentication information transmitting means of the terminal device, and a service providing the user authentication result obtained by the user authentication means. A service providing device for receiving a result of the user authentication transmitted from the user authenticating device and providing a service to the terminal device; A service system comprising: 2. A service system comprising: a terminal device communicably connected to each other via a communication path; a user authentication device; and a service providing device including at least one or more service types. The apparatus comprises: user information transmitting means for transmitting user information to the user authentication device; and authentication information transmitting means for transmitting authentication information to the user authentication device. Authentication that performs user authentication based on user information and determines the type of service provided by the service providing device to the terminal device based on the type of the user information, the type of the authentication information, or a combination thereof Service type determining means, and an authentication service for transmitting information of the authentication service type determined by the authentication service type determining means to the service providing apparatus. Service providing means for providing a service to a terminal device based on the authentication service type information transmitted from the user authentication device. Service system. 3. A user authentication device communicably connected to a terminal device via a communication path, wherein the terminal device transmits a determination of the type of authentication information required for user authentication of the terminal device. Authentication information determining means for performing based on desired service type information or user information type or a combination thereof, and authentication information requesting means for requesting the terminal device to transmit the authentication information determined by the authentication information determining means. A user authentication unit for performing user authentication based on the authentication information transmitted by the authentication information transmission unit of the terminal device; and a use for transmitting a user authentication result obtained by the user authentication unit to the service providing device. User authentication result transmitting means, and a user authentication device. 4. A user authentication device communicably connected to a terminal device via a communication path, performing user authentication based on user information transmitted by the terminal device, and providing a service providing device to the terminal device. Authentication service type determining means for determining the type of service to be provided to the user based on the type of the user information, the type of authentication information, or a combination thereof; and information on the authentication service type determined by the authentication service type determining means. Authentication service type information transmitting means for transmitting the service authentication information to the service providing apparatus. 5. The method according to claim 1, wherein the type of the user information is classified based on the type of the terminal device, the type of the communication path, or a combination thereof. . 6. The user authentication device according to claim 1, wherein the user authentication device determines a type of user information of the terminal device based on the IP address. 7. The user authentication device according to any one of claims 1, 3, 5, and 6, further comprising an authentication information determination table, wherein the authentication information determination means of the user authentication device comprises: The authentication information is determined by referring to an information determination table. 8. The user authentication device according to claim 2, further comprising a service type determination table, wherein the authentication service type determination means of the user authentication device comprises: An authentication service type is determined by referring to a service type determination table. 9. A service type or a terminal device type,
Data comprising: a condition storage unit defined based on a communication channel type, an IP address or a combination thereof; and an authentication information storage unit storing authentication information corresponding to the condition storage unit. Recording medium on which is recorded. 10. A condition storage unit defined based on a type of authentication information, a type of terminal device, a type of communication path, an IP address or a combination thereof, and a type of service corresponding to the condition storage unit. A storage medium for storing data characterized by comprising: a stored service type information storage unit.