JP2006107316A - Authentication system and authentication method - Google Patents

Authentication system and authentication method Download PDF

Info

Publication number
JP2006107316A
JP2006107316A JP2004295822A JP2004295822A JP2006107316A JP 2006107316 A JP2006107316 A JP 2006107316A JP 2004295822 A JP2004295822 A JP 2004295822A JP 2004295822 A JP2004295822 A JP 2004295822A JP 2006107316 A JP2006107316 A JP 2006107316A
Authority
JP
Japan
Prior art keywords
authentication
card
service
user
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
JP2004295822A
Other languages
Japanese (ja)
Other versions
JP4716704B2 (en
Inventor
Kunihiko Kachi
邦彦 加地
Original Assignee
Kunihiko Kachi
邦彦 加地
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kunihiko Kachi, 邦彦 加地 filed Critical Kunihiko Kachi
Priority to JP2004295822A priority Critical patent/JP4716704B2/en
Publication of JP2006107316A publication Critical patent/JP2006107316A/en
Application granted granted Critical
Publication of JP4716704B2 publication Critical patent/JP4716704B2/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

<P>PROBLEM TO BE SOLVED: To effectively improve security while reducing a load to a user such as a complicated operation, at the time of authentication processing for receiving a service through a communication network such as the Internet. <P>SOLUTION: A card ID for identifying an IC tag is stored in a memory of an IC card 1. A terminal ID for identifying a portable terminal unit is stored in a memory of a portable terminal unit 2. With a reader/writer function of the portable terminal unit 2, at the time of executing the authentication of the communication network, the card ID is read out from the IC card 1, and the read card ID and the terminal ID of the self-terminal is transferred to an authentication server 4. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an authentication system and an authentication method for authenticating an accessor in a communication network.

  In recent years, various services such as ticket reservation and sales on the Web and various electronic commerce (online trading) such as stock trading have been developed through communication networks such as the Internet. In addition, it is possible to access the communication network by a portable information terminal such as a mobile phone or a PDA (Personal Digital Assistant) and receive the service.

  Thus, in order to receive service provision from the communication network by the portable information terminal, it is necessary to authenticate the user. As a technique for performing this authentication, for example, there is one disclosed in Patent Document 1.

  In the technology disclosed in Patent Document 1, the user registration is completed in advance by applying to the service provider for registration of personal information that can be received by the user with his / her mobile phone. After that, for example, the user accesses the content server via the Internet by Internet browsing using a mobile phone. By this access, for example, the user can browse the contents for the securities trading service on the display, and can acquire stock price information or trade securities on the display screen.

When providing such a service, the service provider requests the user to input a “user ID” and a “password” for specifying the user. On the other hand, the user inputs his / her “user ID” or the like with a mobile phone, and this input information is transmitted as “user input information” from the mobile phone to the content server via the Internet. The user is authenticated by the sent “User ID”.
JP 2002-77446 A

  However, the technique disclosed in Patent Document 1 described above has a problem that each time a service is provided, the user must perform an operation of inputting and transmitting a user ID, which is complicated.

  In order to improve security, it is preferable to set different IDs and passwords for each service. In this case, however, the user must memorize the ID and password for each service, and the burden on the user is high. May increase.

  Therefore, the present invention has been made in view of the above points, and in the authentication process for receiving a service provided by a portable information terminal such as a mobile phone or a PDA through a communication network such as the Internet, a complicated operation or the like is required. It is an object of the present invention to provide an authentication system and an authentication method that can effectively improve security while reducing the burden on the system.

  In order to solve the above problems, the present invention uses an IC tag having an IC chip, a memory, and a communication interface, and a mobile terminal device having a data communication function and a memory for transmitting / receiving data to / from a communication network. The accessor is authenticated by an authentication server arranged on the communication network.

  Specifically, the card ID for specifying the IC tag is stored in the memory of the IC tag, and the terminal ID for specifying the mobile terminal device is stored in the memory of the mobile terminal device. When performing authentication for the communication network using a reader function that reads data from the memory, the card ID is read from the IC tag, and the read card ID and its own terminal ID It is sent to the authentication server through the communication function. In the present invention, the communication interface provided in the IC tag includes an interface for non-contact communication by wireless or the like, and contact (wired) communication by a cable, an adapter means or the like.

  According to the present invention, authentication is performed using two types of IDs, a card ID and a terminal ID, so that security can be ensured, and the two types of IDs can be separated into independent IC tags (such as RFID tags). Since it is stored in the mobile terminal device, even if either the IC tag or the mobile terminal device is lost or stolen, the ID can be prevented from being stolen by a third party. In the present invention, the memory is a storage device having a function of holding information, and may be, for example, a built-in CPU or a separate one from the CPU.

  Further, since the card ID is automatically read and transmitted by the reader function of the portable terminal device during the authentication process, it is not necessary for the user to separately input an authentication identifier such as a password.

  In the above invention, the authentication server is provided with a user database that associates and registers a user ID for identifying an accessor, a card ID, and a terminal ID, updates the card ID registered in the user database, and is provided in the mobile terminal device It is preferable to rewrite the card ID stored in the memory of the IC tag with an updated new card ID through a writer function for writing data to the IC tag.

  In this case, the card ID stored in the user database and the IC tag is updated by the malicious third party every time the service is provided, or by the user's arbitrary operation or periodically. Even if an ID is stolen, access by a malicious third party can be prohibited, and damage caused by ID theft can be minimized.

  In the above invention, a service providing server for providing a service through the communication network is arranged on the communication network, a unique card ID is associated with each service in the user database, and the service related to the access request in the authentication server. Authentication is performed using the card ID associated with the service, and if the authentication is successful, access to the service providing server that provides the authorized service is permitted, and each service is associated with the service. It is preferable to update the card ID.

  In this case, by setting a card ID for each service, security management for each service becomes possible, and diversity of ID management can be achieved.

  In the above invention, a service providing server that provides a service through the communication network is arranged on the communication network, and the unique authentication information necessary for authentication processing unique to these service providing servers is associated with each user ID in the user database. In the authentication server, authentication is performed using the card ID and terminal ID related to the access request, and if the authentication is normally performed, the service providing server that provides the authorized service. Alternatively, unique authentication information may be transmitted to obtain access permission to the service providing server.

  In this case, the user performs the authentication process using the card ID and the terminal ID described above, and selects the service desired to be accessed, while maintaining the security, and the authentication process unique to each service providing server. It is possible to execute access by omitting the operation on.

  In the above invention, in the portable terminal device, information acquired in the service accessed most recently is stored in a cache unit, and a communication establishment detecting unit determines whether or not communication between the portable terminal device and the authentication server is established When the communication is not established and the communication is not established, the information stored in the cache unit may be output.

  In this case, for example, even in a communication environment where radio waves do not reach, the latest information (for example, a service providing page displayed in HTML or other data format) can be browsed, and communication is established. At this point, the authentication process is forcibly executed, so that security can be ensured.

  In the above invention, in the user database, a rewrite password, which is an identifier independent of the card ID, is registered in association with each user ID by a user operation, and when an access request is made, the card ID or terminal ID in the authentication server If either one of them is not acquired, the rewrite password may be acquired from the user, and the acquired rewrite password may be replaced with a card ID or terminal ID for authentication.

  In this case, if you lose your card or device, you can easily use a reissued card that has not been assigned a card ID or a device that has been newly purchased and has not been assigned a device ID. The authentication service by the authentication server can be used continuously. In this case, the detection that the card ID or the terminal ID is not acquired may be executed on the server side or may be executed on the terminal side.

  As described above, according to the present invention, a burden on a user such as a complicated operation in an authentication process for receiving a service provided by a portable information terminal such as a mobile phone, a PDA, or a personal computer through a communication network such as the Internet. It is possible to effectively improve security while mitigating the problem.

[First Embodiment]
A first embodiment of the present invention will be described with reference to the drawings.

(System configuration)
FIG. 1 is an explanatory diagram showing a schematic configuration of an authentication system according to the present embodiment. As shown in the figure, the authentication system according to the present embodiment includes an IC card 1, a portable terminal device 2 that can be connected to an IP network 3 such as the Internet, and an authentication server 4 arranged on the IP network. ing. Further, on the IP network 3, a service providing server group 5 (5a to 5c) that provides a service through the IP network 3 is arranged.

  The IP network 3 is a distributed type constructed by mutually connecting various communication lines (public lines such as telephone lines, ISDN lines, ADSL lines, private lines, wireless communication networks) using the communication protocol TCP / IP. It is a communication network, and this IP network includes LANs such as 10BASE-T and 100BASE-TX intranets (enterprise networks) and home networks.

  The IC card 1 is a card that incorporates an IC tag including an IC chip, a memory, and a non-contact communication interface, and a card ID that identifies the IC tag is stored in the memory of the IC tag. The non-contact communication interface according to the present embodiment is a so-called RF tag based on RFID technology that transmits a card ID as a radio wave signal, includes a metal antenna for transmitting and receiving radio waves, and has a built-in power source such as a battery. An electromagnetic wave induction system that actively transmits an information signal from an RF tag, and an electromagnetic wave induction system that outputs an electromagnetic wave from an antenna on the other side to be communicated and transmits an information signal by a current induced according to the output of the electromagnetic wave There is.

  In the present embodiment, a card type is adopted as a form of the IC tag, but the present invention is not limited to this, and an IC tag that stores a card ID and can transmit and receive the card ID by non-contact communication is used. As long as it is built-in, various forms can be adopted. In this embodiment, non-contact communication by wireless or the like is adopted as a communication interface provided in the IC tag. However, an interface for contact (wired) communication by a cable, an adapter unit, or the like may be used.

  The mobile terminal device 2 is a device having a data communication function and memory for transmitting / receiving data to / from a communication network, and can take the form of, for example, a mobile phone 2a, a PDA (Personal Digital Assistant) 2b, or the like.

  Specifically, as shown in FIG. 2, the portable terminal device 2 includes a communication unit 21 as a data communication function, a display unit 22 such as a liquid crystal display, an operation unit 23 such as a button key and a jog dial, a memory 24, a service determination unit 63 that determines a service related to access or card ID update, an ID management unit 26 that manages a card ID in the IC card 1, a non-contact type reader / writer 27 that is a reader / writer function, And a control unit 28 such as a CPU for controlling the operations of these units.

  The service determination unit 25 determines the service that the mobile terminal device 2 is currently accessing (or tries to access) and the service that the card ID update unit 6 is to be rewritten based on the URL or other identifier, This module notifies the ID management unit 26 of the determination result.

  The ID management unit 26 stores the address on the memory of each card ID stored in the IC card 1 in association with the type of service. When a service is specified by the service determination unit 25, the ID is specified. In order to access the card ID corresponding to the service, the reader / writer 27 is operated to read and rewrite the target card ID.

  The mobile terminal device 2 includes means for displaying information such as a browser function, for example, and displays information on the IP network 3 (for example, a web page in HTML or data displayed in another data format). It can be browsed by the unit 22 and various procedures can be performed by a user operation by the operation unit 23. That is, the function of displaying information on the IP network 3 is realized by executing application software for browsing a web page such as browser software, and an HTML (HyperText Markup Language) file from the IP network 3. Download image files, image files, music files, etc., analyze and display / playback layouts, send data to Web server using send form, C ++, JavaScript (registered trademark), Flash, and Java It is also possible to operate application software described in (registered trademark) or the like.

  The memory 24 of the mobile terminal device 2 stores a terminal ID that identifies the mobile terminal device 2. The terminal ID may be, for example, a telephone number assigned to a mobile phone or an IP address assigned to a wireless communication adapter.

  The reader / writer 27 is a device that reads / writes data from / to the memory of the IC card 1 by non-contact communication. Read the ID. The read card ID is sent to the authentication server 4 through the communication unit 21 together with its own terminal ID.

The authentication server 4 is a computer that verifies the legitimacy of an accessor (whether access right or the like) or software having the function. In this embodiment, the user ID, card ID, and terminal ID that identify the accessor Are registered in association with each other. The user database 41 stores table data as shown in Table 1, and obtains a combination of a card ID and a terminal ID according to a user's access, collates the user ID, and gives the access right to the accessor. It is confirmed whether or not the accessor is the person himself / herself. By confirming the accessor by such authentication processing, it is possible to identify the user and provide different services for each user.

  That is, in this embodiment, in the user database 41, a unique card ID is associated with each service provided by each of the service providing servers 5a to 5c, and the authentication server 4 uses the card ID associated with the service related to the access request. When authentication is performed normally, access to the service providing servers 5a to 5c that provide the permitted service is permitted.

  In addition, on the IP network 3, the card ID registered in the user database 41 is updated, and the card ID stored in the memory of the IC tag 1 through the reader / writer function of the portable terminal device 2 is updated with the updated new card. A card ID update unit 6 for rewriting the ID is arranged. Each time the user accesses a specific service, the card ID update unit 6 updates the card ID associated with the service.

  Specifically, as shown in FIG. 3, the card ID updating unit 6 includes a communication unit 61 that transmits and receives data to and from the IP network 3, an ID issuing unit 62 that issues a card ID for each service, and a card ID. The service determination unit 63 that acquires the service to be issued from the authentication server 4 and the card ID issued by the ID issuing unit 62 and the service determined by the service determination unit 63 are stored in the user database 41 in association with each other. The database management unit 64 rewrites the card ID record of the table data, and the control unit 65 that controls the operation of each unit.

(Authentication method)
By operating the authentication system having the above configuration, the authentication method of the present invention can be implemented. FIG. 4 is a sequence diagram showing the operation of the authentication system according to the present embodiment.

  First, a URL or the like is specified by a user operation on the mobile terminal device 2, a service to be provided is specified, and access is started by data communication (S101).

  At the time of access, the card reader provided in the portable terminal device 2 reads the card ID related to the service to be provided from the IC card 1 (S102) and calls the terminal ID of the own device (S103) to read The card ID and its own terminal ID are transmitted to the authentication server 4 through the data communication function (S104).

  Then, the authentication server 4 collates the user database 41 based on the card ID and the terminal ID, and authenticates the user ID of the accessor (S105). If it is determined in step S105 that the accessing person is not a legitimate user, the access is denied and a notification to that effect is given (S107).

  If it is determined in step S105 that the accessor is a legitimate user and has the right to receive a service related to the access request, the card ID update unit 6 is requested to update the card ID and authentication is performed. The access to the service providing server related to the service is permitted, and the service provision is started (S108 and S109).

  In step S108, the card ID update unit 6 updates the card ID registered in the user database 41, and the card ID stored in the memory of the IC card 1 through the reader / writer function of the mobile terminal device 2, The updated new card ID is rewritten (S110). In the card ID update, the card ID associated with the service is updated for each service.

(Action / Effect)
According to the authentication system and the authentication method according to the present embodiment described above, the authentication server 4 performs authentication using two types of IDs, that is, a card ID and a terminal ID, so that security can be ensured. Also, since two types of IDs are stored in the IC card 1 and the mobile terminal device 2 which are separately independent, if either the IC card 1 or the mobile terminal device 2 is lost or stolen, the ID is further Even if the information is counterfeited, it is possible to prevent the ID from being stolen by a third party.

  Further, since the card ID is automatically read and transmitted from the reader / writer 27 of the portable terminal device during the authentication process, it is not necessary for the user to separately input an authentication identifier such as a password.

  As a result, according to the present embodiment, effective security can be achieved while reducing the burden on the user such as complicated operations during the authentication process for receiving services provided by the mobile phone 2a, the PDA 2b, etc. via the IP network 3. Can be improved.

  Furthermore, in this embodiment, every time the user uses the service, the card ID registered in the user database 41 is updated, and the card ID stored in the memory of the IC card 1 through the reader / writer 27 of the mobile terminal device 2 is updated. Is replaced with a new updated card ID, so even if a malicious third party steals the card ID from the IC card 1, access to the malicious third party can be prohibited. The damage caused by can be kept to a minimum.

  Further, in this embodiment, by performing authentication for each service using the card ID associated with the service related to the access request, security management for each service can be performed, and diversity of ID management can be achieved. .

[Second Embodiment]
Next, a second embodiment of the present invention will be described with reference to the drawings. In the above-described first embodiment, the authentication server 4 integrally authenticates the accessor, and the access to the service providing servers 5a to 5c is permitted for the service that has been successfully authenticated. The embodiment is characterized in that each service providing server corresponds to access authentication unique to each service providing server.

  More specifically, in the first embodiment described above, access authentication is performed only in the authentication server 4, connection of a normally authenticated accessor to the service providing server is permitted, and authentication on the service providing server side is not performed. . However, in the case of making a partnership with a service providing server that already has a unique authentication system, a mechanism for connecting to the existing authentication system on the service providing server side is required.

  In this embodiment, in order to respond to such a request, the user database 41 side holds authentication information (user ID and password unique to the service providing server) and form data for connection to the existing authentication system of the service providing server. After the authentication using the card ID and the terminal ID in the first embodiment is performed by the authentication server 4, the authentication information for connection and the form data are used to omit the input operation by the user, and to the existing authentication system. Connect.

  Specifically, the table data associated by the relationship as shown in FIG. That is, among the table data shown in Table 1, the user ID (for the authentication server 4), the terminal ID and the card ID are stored as basic authentication information in the table T1, and the user ID (or record number) of this table T1 is the main data. The service authentication information table T2 and the access history table T3 are associated as keys.

  As shown in the figure, the service authentication information table T2 includes, for each service ID for identifying a service, address information such as a URL or an IP address that is an access destination of each service, a service-specific user ID and password. Associated. The user ID, password, etc. are registered by user operation. The table T2 is associated with form information D1 for linking to the authentication page of each service, and stores form data such as HTML for connecting to each service providing server. In the present embodiment, the data stored in the table T2 is registered by a user operation. However, for example, information already registered may be acquired in cooperation with each service providing server side.

  Then, after performing authentication using the card ID and terminal ID as described above, the authentication server 4 collates the authentication information table T2 with the user ID of the user who has been authenticated as the primary key, and tries to access it. The user ID and password unique to each service providing server are acquired from the service ID of the service being used, and these IDs and passwords are embedded in the form information D1 and transmitted to the service providing server, and automatically for the existing authentication system. An authentication process is executed to connect the user terminal 1 and the service providing server.

  The form information D1 is used when the transmission method for the service providing server is in the “POST” format. For example, when the transmission method for the service providing server is in the “GET” format, Embed password (including tag name setting) and execute access.

  According to this embodiment, the user executes the authentication process using the card ID and the terminal ID described in the first embodiment, and selects the service that the user desires to access. Access can be executed while maintaining an operation while omitting the operation for the authentication processing unique to each service providing server.

  In the first embodiment, the card ID is set for each service, and the process of periodically rewriting the card ID is executed. However, in this embodiment, an ID or password unique to each service providing server is used. Therefore, a single card ID may be used.

[Third Embodiment]
Next, a third embodiment of the present invention will be described with reference to the drawings. The present embodiment is characterized in that a cache function for temporarily storing information is added to the mobile terminal device 2 in the first embodiment described above. Specifically, as shown in FIG. 6, the area of the page cache unit 241 is secured in the memory 24, and the function of the communication establishment detection unit 281 is added to the control unit 28.

  The page cache unit 241 is an area for storing, for each service, the most recent page data (information data including HTML and other file types) acquired and browsed when authentication is properly established and service is provided. The page data stored in the page cache unit 241 is read in response to a request from the control unit 28 and displayed on the display unit 22.

  The communication establishment detection unit 281 is a module that detects whether or not communication is established when a user performs an access operation to receive provision of a service. When the communication is established according to the detection result of the communication establishment detection unit 281, the control unit 28 uses the card ID and the terminal ID in the same manner as in the first embodiment described above. If the communication is not established, the most recent page stored in the page cache unit 241 is the page of the service that is about to be provided without executing the authentication process or the like through the communication. Is displayed.

  According to this embodiment, for example, even in a communication environment where radio waves do not reach, the latest service provision page can be browsed, and when communication is established, authentication processing is forcibly performed. Because it executes, security can be ensured.

[Fourth Embodiment]
Next, a fourth embodiment of the present invention will be described with reference to the drawings. The present embodiment is characterized in that a rewrite password is introduced into the system in the first embodiment described above. Specifically, as shown in FIG. 7A, a field describing a rewrite password is added to the table T1 stored in the user database 41. The rewrite password is authentication information used when rewriting the terminal ID and card ID registered in the table T1, and is permanently registered in association with the user ID.

  Specifically, in the first embodiment described above, since the card ID is periodically rewritten by the card ID update unit 6, the user cannot know the current card ID. For this reason, for example, if the card 1 is lost, the service cannot be provided. In this embodiment, in such a case, the rewrite password is transmitted to the authentication server 4 by manual input by a user operation, and the rewrite password is replaced with the card ID to perform an authentication process.

  Furthermore, in this embodiment, as shown in FIG. 5B, the card detection unit 29 is provided in the mobile terminal device 2, and after losing the card (blank card) for which the card ID has not been stored yet is After being issued, you can continue to receive authentication services by this system.

  The card detection unit 29 is a module that detects that the recognized card is a blank card and notifies the control unit 28 when the blank card is recognized by the reader / writer 27.

  When the card detection unit 29 detects that the card is a blank card, the control unit 28 does not execute the authentication process using the card ID and the terminal ID described above, and inputs the rewrite password to the user. Request. When the rewrite password is input, the control unit 28 transmits the rewrite password and the terminal ID to the authentication server 4, thereby performing authentication processing.

  Upon receiving the rewrite password, the authentication server 4 returns a card ID already registered in the table T1 or a newly issued card ID to the terminal 2, and the terminal 2 receives the card received by the reader / writer 27. Write the ID on a blank card.

  According to this embodiment, when the card is lost, the authentication service by the authentication server 4 can be easily used continuously by using the reissued card.

  In the present embodiment, the blank card is detected on the mobile terminal device 2 side, but the present invention is not limited to this, and may be performed on the authentication server 4 side. Specifically, the following procedure is followed.

  When the user authenticates the authentication server 4 with a blank card, the authentication server 4 requests the mobile terminal device 2 to transmit a card ID. In this case, since the card is a blank card, the mobile terminal device 2 cannot transmit the card ID. When the authentication server 4 does not receive the card ID for a certain period of time, the authentication server 4 executes a process for requesting the input of the rewrite password, and the rewrite password is input. And write.

  In this case, it is possible to guide the user to input the rewrite password from the authentication server 4 side, and even if the user has no knowledge of the special operation of card reissue, the service continuation procedure is easily performed. be able to.

  In this embodiment, the case where the card is lost has been described as an example. However, the present invention can also be applied to the case where the terminal is lost. That is, there is either a terminal ID or a card ID, and by using this and the rewrite password, the service is continuously used while maintaining security.

[Example of change]
In each of the embodiments described above, a method of rewriting a card ID by non-contact communication is adopted. However, the present invention is not limited to this, and for example, a portable terminal device by a contact type method such as a USB memory or the like. The card ID may be read and written.

  In the above embodiment, the card ID is rewritten every access, but may be once every several times, for example. In this case, the service provider manages the number of accesses since the last card ID rewrite. Thereby, the load on the database can be reduced.

  Furthermore, in the above-described embodiment, the read / write function for reading and writing the card ID is provided in the mobile terminal device. However, only the read function may be provided so as to read only the card ID. In this case, it is preferable to add means for improving security such as encryption of the card ID.

  In the above-described first to fourth embodiments, each function has been described for each embodiment. However, these functions are not limited to being provided alone, and a system is configured by appropriately combining each function. Can do.

  Further, in each of the above embodiments, the card ID is read from the card reader and the authentication process is performed using the terminal ID and the card ID. However, instead of the card reader, a fingerprint recognition function is provided in the portable terminal device, and the fingerprint is stored in the card. You may make it perform an authentication process as ID. In this case, since the fingerprint is unchanged and it is difficult to forge, a function corresponding to the rewriting of the card ID becomes unnecessary.

It is explanatory drawing which shows schematic structure of the authentication system which concerns on 1st Embodiment. It is a block diagram which shows the internal structure of the portable terminal device which concerns on 1st Embodiment. It is a block diagram which shows the internal structure of the card ID update part which concerns on 1st Embodiment. It is a sequence diagram which shows operation | movement of the authentication system which concerns on embodiment. It is explanatory drawing which shows the table data of the authentication system which concerns on 2nd Embodiment. It is a block diagram which shows the internal structure of the portable terminal device which concerns on 3rd Embodiment. (A) is explanatory drawing which shows the table data of the authentication system which concerns on 4th Embodiment, (b) is a block diagram which shows the internal structure of a portable terminal device.

Explanation of symbols

D1 Form information T1 to T3 Table data 1 IC card 2 Mobile terminal device 2a Mobile phone 2b PDA
DESCRIPTION OF SYMBOLS 3 ... IP network 4 ... Authentication server 5 ... Service provision server group 5a-5c ... Service provision server 6 ... Card ID update part 21 ... Communication part 22 ... Display part 23 ... Operation part 24 ... Memory 25 ... Service determination part 26 ... ID Management unit 27 ... Reader / writer 28 ... Control unit 29 ... Card detection unit 41 ... User database 61 ... Communication unit 62 ... ID issuing unit 63 ... Service determination unit 64 ... Database management unit 65 ... Control unit 241 ... Page cache unit 281 ... Communication Established detector

Claims (12)

  1. IC tag with IC chip, memory and communication interface;
    A portable terminal device having a data communication function and a memory for transmitting and receiving data to and from a communication network;
    And an authentication system for authenticating an accessor by an authentication server arranged on the communication network,
    The memory of the IC tag stores a card ID that identifies the IC tag,
    The memory of the mobile terminal device stores a terminal ID that identifies the mobile terminal device,
    The portable terminal device
    With a reader function to read data from the memory of the IC tag,
    When performing authentication for the communication network, the card ID is read from the IC tag by the reader function,
    An authentication system, wherein the read card ID and its own terminal ID are sent to the authentication server through the data communication function.
  2. The authentication server comprises a user database for registering the user ID for identifying the accessor, the card ID and the terminal ID in association with each other,
    The mobile terminal device further comprises a writer function for writing data to the memory of the IC tag,
    In the communication network, the card ID registered in the user database is updated, and the card ID stored in the memory of the IC tag is updated to the updated new card ID through the writer function of the portable terminal device. The authentication system according to claim 1, wherein a card ID update unit to be rewritten is arranged.
  3. On the communication network, a service providing server that provides a service through the communication network is arranged, and in the user database, a unique card ID for each of these services is associated with each user ID,
    The authentication server performs authentication using the card ID associated with the service related to the access request, and if the authentication is normally performed, permits access to the service providing server that provides the permitted service. And
    The authentication system according to claim 2, wherein the card ID updating unit updates a card ID associated with the service for each service.
  4. A service providing server that provides a service through the communication network is arranged on the communication network. In the user database, unique authentication information necessary for authentication processing unique to these service providing servers is associated with each user ID. Registered,
    The authentication server performs authentication using the card ID and the terminal ID related to the access request, and if authentication is performed normally, the authentication server authenticates the service providing server that provides the permitted service. Send information, get permission to access the service provider server,
    The authentication system according to claim 2, wherein:
  5. The portable terminal device
    A cache unit that accumulates information acquired in the service accessed most recently;
    A communication establishment detection unit for detecting whether communication between the mobile terminal device and the authentication server is established, and for outputting information stored in the cache unit when communication is not established; The authentication system according to claim 1, further comprising:
  6. In the user database, a rewrite password that is an identifier independent of the card ID is registered in association with each user ID by a user operation,
    The authentication server obtains the rewrite password from the user when either the card ID or the terminal ID is not acquired at the time of the access request, and replaces the acquired rewrite password with the card ID or the terminal ID. The authentication system according to claim 1, wherein authentication is performed.
  7. IC tag with IC chip, memory and communication interface;
    A portable terminal device having a data communication function and a memory for transmitting and receiving data to and from a communication network;
    And an authentication method for authenticating an accessor by an authentication server arranged on the communication network,
    Storing a card ID for identifying the IC tag in the memory of the IC tag, and storing a terminal ID for identifying the portable terminal device in the memory of the portable terminal device;
    A step (2) of reading the card ID from the IC tag when performing authentication for the communication network by a reader function for reading data from the memory of the IC tag in the portable terminal device; ,
    (3) including sending the read card ID and the terminal ID of the own device to the authentication server through the data communication function and authenticating using the card ID and the terminal ID. A characteristic authentication method.
  8. The authentication server is provided with a user database for registering the user ID for identifying the accessor, the card ID and the terminal ID in association with each other,
    After the step (3), the card ID registered in the user database is updated and stored in the memory of the IC tag through a writer function provided in the portable terminal device for writing data to the IC tag. 8. The authentication method according to claim 7, further comprising a step (4) of rewriting the card ID that has been updated with a new updated card ID.
  9. On the communication network, a service providing server that provides a service through the communication network is arranged, and in the user database, a unique card ID for each of these services is registered in association with each user ID,
    In the step (3), the authentication server performs authentication using the card ID associated with the service related to the access request, and provides a service that provides an authorized service when the authentication is normally performed. Allow access to the server,
    9. The authentication method according to claim 8, wherein in step (4), the card ID associated with the service is updated for each service.
  10. A service providing server that provides a service through the communication network is arranged on the communication network, and unique authentication information necessary for authentication processing unique to these service providing servers is registered in the user database in association with each user ID. Aside,
    In the step (3), the authentication server performs authentication using the card ID and the terminal ID related to the access request, and provides a permitted service when the authentication is normally performed. In response, the unique authentication information is transmitted to obtain access permission to the service providing server.
    The authentication method according to claim 8, wherein:
  11. In the mobile terminal device, the information acquired in the service accessed most recently is stored in the cache unit,
    In the step (3), the communication establishment detection unit detects whether or not communication between the portable terminal device and the authentication server is established. If communication is not established, the communication is stored in the cache unit. The authentication method according to claim 8, further comprising: outputting the processed information.
  12. In the user database, a rewrite password that is an identifier independent of the card ID is registered in association with each user ID by a user operation,
    In the previous step (3), the authentication server obtains the rewrite password from the user when either the card ID or the terminal ID is not obtained at the time of the access request, and the obtained rewrite password is The authentication method according to claim 8 or 9, wherein authentication is performed instead of the card ID or the terminal ID.
JP2004295822A 2004-10-08 2004-10-08 Authentication system and authentication method Expired - Fee Related JP4716704B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2004295822A JP4716704B2 (en) 2004-10-08 2004-10-08 Authentication system and authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2004295822A JP4716704B2 (en) 2004-10-08 2004-10-08 Authentication system and authentication method

Publications (2)

Publication Number Publication Date
JP2006107316A true JP2006107316A (en) 2006-04-20
JP4716704B2 JP4716704B2 (en) 2011-07-06

Family

ID=36376958

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2004295822A Expired - Fee Related JP4716704B2 (en) 2004-10-08 2004-10-08 Authentication system and authentication method

Country Status (1)

Country Link
JP (1) JP4716704B2 (en)

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007148478A1 (en) * 2006-06-21 2007-12-27 Hmi Co., Ltd. Computer authenticating system
WO2008065341A2 (en) 2006-12-01 2008-06-05 David Irvine Distributed network system
JP2008165659A (en) * 2006-12-29 2008-07-17 Secom Co Ltd Authentication system
JP2009258816A (en) * 2008-04-14 2009-11-05 Nippon Telegr & Teleph Corp <Ntt> Charging information management system and method
JP2010198333A (en) * 2009-02-25 2010-09-09 Nec Corp Service provision system, information reading apparatus, method of providing service, method of transmitting user information, and program
JP2011008458A (en) * 2009-06-25 2011-01-13 Casio Computer Co Ltd Mobile terminal management system
JP2011524677A (en) * 2008-06-10 2011-09-01 アルカテル−ルーセント Method for providing end device access to services, and end device and mobile terminal implementing such method
JP2011215764A (en) * 2010-03-31 2011-10-27 Dainippon Printing Co Ltd Information processing system, information processing server, information processing method and information processing program and the like
JP2011243017A (en) * 2010-05-19 2011-12-01 Ricoh Co Ltd Information processor, authentication system, authentication method, authentication program and recording medium
JP2012014292A (en) * 2010-06-29 2012-01-19 Canon Software Inc Information processing system, image forming device, authentication server, and processing method and program for same
JP2012155730A (en) * 2012-03-12 2012-08-16 Ricoh Co Ltd Information processing device, authentication method, program, and authentication system
JP2013090244A (en) * 2011-10-20 2013-05-13 Sony Corp Information processing device, radio communication device, and communication system and control method for information processing device
WO2013168446A1 (en) * 2012-05-11 2013-11-14 株式会社日立製作所 Information terminal and individual information storage terminal
JP2014500678A (en) * 2010-12-06 2014-01-09 ジェムアルト エスアー Downloading subscriber information to UICC embedded in terminal
JP2014032683A (en) * 2013-09-17 2014-02-20 Casio Comput Co Ltd Management device, portable terminal, and program
US8714451B2 (en) 2007-03-23 2014-05-06 Ricoh Company, Ltd. Image forming apparatus management system, image forming apparatus, managing apparatus, terminal apparatus, image forming apparatus managing method, and image forming program
KR20150072021A (en) * 2013-12-19 2015-06-29 주식회사 코스터 System for electronic certification using complex certification and Method of electronic certification the same
JP2015194867A (en) * 2014-03-31 2015-11-05 Kddi株式会社 Communication terminal, member card and authentication system
JP2015194836A (en) * 2014-03-31 2015-11-05 フェリカネットワークス株式会社 Information processing method, information processing device, authentication server device, and confirmation server device
WO2016027313A1 (en) * 2014-08-19 2016-02-25 Jr東日本メカトロニクス株式会社 System, storage medium processing device, net value account registering method and program
US9408066B2 (en) 2010-12-06 2016-08-02 Gemalto Inc. Method for transferring securely the subscription information and user data from a first terminal to a second terminal
JP2017013508A (en) * 2016-08-22 2017-01-19 株式会社リコー Image forming apparatus, information processor, image formation method, information processing method, image formation program and information processing program
KR102131375B1 (en) * 2009-06-18 2020-07-08 주식회사 비즈모델라인 Method for Providing Network type OTP

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09198351A (en) * 1996-01-17 1997-07-31 Matsushita Electric Ind Co Ltd User authentication device
JPH1125051A (en) * 1997-07-09 1999-01-29 Hitachi Ltd Information system
JP2000187644A (en) * 1997-09-17 2000-07-04 Nippon Shinpan Co Ltd System for preventing illegal communication
JP2002082917A (en) * 2000-07-04 2002-03-22 Sony Computer Entertainment Inc Contents distribution method, contents distribution server, and client terminal in contents distribution infrastructure

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09198351A (en) * 1996-01-17 1997-07-31 Matsushita Electric Ind Co Ltd User authentication device
JPH1125051A (en) * 1997-07-09 1999-01-29 Hitachi Ltd Information system
JP2000187644A (en) * 1997-09-17 2000-07-04 Nippon Shinpan Co Ltd System for preventing illegal communication
JP2002082917A (en) * 2000-07-04 2002-03-22 Sony Computer Entertainment Inc Contents distribution method, contents distribution server, and client terminal in contents distribution infrastructure

Cited By (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007148478A1 (en) * 2006-06-21 2007-12-27 Hmi Co., Ltd. Computer authenticating system
WO2008065341A2 (en) 2006-12-01 2008-06-05 David Irvine Distributed network system
EP2472430A1 (en) 2006-12-01 2012-07-04 David Irvine Self encryption
JP2008165659A (en) * 2006-12-29 2008-07-17 Secom Co Ltd Authentication system
US10375274B2 (en) 2007-03-23 2019-08-06 Ricoh Company, Ltd. Image forming apparatus management system, image forming apparatus, managing apparatus, terminal apparatus, image forming apparatus managing method, and image forming program
US10038822B2 (en) 2007-03-23 2018-07-31 Ricoh Company, Ltd. Image forming apparatus management system, image forming apparatus, managing apparatus, terminal apparatus, image forming apparatus managing method, and image forming program
US9519444B2 (en) 2007-03-23 2016-12-13 Ricoh Company, Ltd. Image forming apparatus management system, image forming apparatus, managing apparatus, terminal apparatus, image forming apparatus managing method, and image forming program
US8714451B2 (en) 2007-03-23 2014-05-06 Ricoh Company, Ltd. Image forming apparatus management system, image forming apparatus, managing apparatus, terminal apparatus, image forming apparatus managing method, and image forming program
JP2009258816A (en) * 2008-04-14 2009-11-05 Nippon Telegr & Teleph Corp <Ntt> Charging information management system and method
JP2011524677A (en) * 2008-06-10 2011-09-01 アルカテル−ルーセント Method for providing end device access to services, and end device and mobile terminal implementing such method
JP2010198333A (en) * 2009-02-25 2010-09-09 Nec Corp Service provision system, information reading apparatus, method of providing service, method of transmitting user information, and program
KR102131375B1 (en) * 2009-06-18 2020-07-08 주식회사 비즈모델라인 Method for Providing Network type OTP
JP2011008458A (en) * 2009-06-25 2011-01-13 Casio Computer Co Ltd Mobile terminal management system
JP2011215764A (en) * 2010-03-31 2011-10-27 Dainippon Printing Co Ltd Information processing system, information processing server, information processing method and information processing program and the like
JP2011243017A (en) * 2010-05-19 2011-12-01 Ricoh Co Ltd Information processor, authentication system, authentication method, authentication program and recording medium
JP2012014292A (en) * 2010-06-29 2012-01-19 Canon Software Inc Information processing system, image forming device, authentication server, and processing method and program for same
JP2014500678A (en) * 2010-12-06 2014-01-09 ジェムアルト エスアー Downloading subscriber information to UICC embedded in terminal
US9037193B2 (en) 2010-12-06 2015-05-19 Gemalto Sa Method for switching between a first and a second logical UICCS comprised in a same physical UICC
US9408066B2 (en) 2010-12-06 2016-08-02 Gemalto Inc. Method for transferring securely the subscription information and user data from a first terminal to a second terminal
US9817993B2 (en) 2010-12-06 2017-11-14 Gemalto Sa UICCs embedded in terminals or removable therefrom
US10242210B2 (en) 2010-12-06 2019-03-26 Gemalto Sa Method for managing content on a secure element connected to an equipment
US9760726B2 (en) 2010-12-06 2017-09-12 Gemalto Sa Method for remotely delivering a full subscription profile to a UICC over IP
US9294919B2 (en) 2010-12-06 2016-03-22 Gemalto Sa Method for exporting on a secure server data comprised on a UICC comprised in a terminal
US9301145B2 (en) 2010-12-06 2016-03-29 Gemalto Sa UICCs embedded in terminals or removable therefrom
US9326146B2 (en) 2010-12-06 2016-04-26 Gemalto Inc. Method for downloading a subscription in an UICC embedded in a terminal
US9690950B2 (en) 2010-12-06 2017-06-27 Gemalto Sa Method for exporting data of a Javacard application stored in a UICC to a host
US9462475B2 (en) 2010-12-06 2016-10-04 Gemalto Sa UICCs embedded in terminals or removable therefrom
US9532223B2 (en) 2010-12-06 2016-12-27 Gemalto Sa Method for downloading a subscription from an operator to a UICC embedded in a terminal
US9946888B2 (en) 2010-12-06 2018-04-17 Gemalto Sa System for managing multiple subscriptions in a UICC
JP2013090244A (en) * 2011-10-20 2013-05-13 Sony Corp Information processing device, radio communication device, and communication system and control method for information processing device
JP2012155730A (en) * 2012-03-12 2012-08-16 Ricoh Co Ltd Information processing device, authentication method, program, and authentication system
WO2013168446A1 (en) * 2012-05-11 2013-11-14 株式会社日立製作所 Information terminal and individual information storage terminal
JP2014032683A (en) * 2013-09-17 2014-02-20 Casio Comput Co Ltd Management device, portable terminal, and program
KR101675549B1 (en) * 2013-12-19 2016-11-11 주식회사 코스터 System for electronic certification using complex certification and Method of electronic certification the same
KR20150072021A (en) * 2013-12-19 2015-06-29 주식회사 코스터 System for electronic certification using complex certification and Method of electronic certification the same
US10505911B2 (en) 2014-03-31 2019-12-10 Felica Networks, Inc. Information processing method, information processing device, authentication server device, and verification server device
JP2015194836A (en) * 2014-03-31 2015-11-05 フェリカネットワークス株式会社 Information processing method, information processing device, authentication server device, and confirmation server device
JP2015194867A (en) * 2014-03-31 2015-11-05 Kddi株式会社 Communication terminal, member card and authentication system
JPWO2016027313A1 (en) * 2014-08-19 2017-04-27 Jr東日本メカトロニクス株式会社 System, storage medium processing apparatus, net value account registration method and program
WO2016027313A1 (en) * 2014-08-19 2016-02-25 Jr東日本メカトロニクス株式会社 System, storage medium processing device, net value account registering method and program
JP2017013508A (en) * 2016-08-22 2017-01-19 株式会社リコー Image forming apparatus, information processor, image formation method, information processing method, image formation program and information processing program

Also Published As

Publication number Publication date
JP4716704B2 (en) 2011-07-06

Similar Documents

Publication Publication Date Title
US10574646B2 (en) Managing authorized execution of code
US20170163426A1 (en) Information processing apparatus, information processing method, information processing program and information processing system
US9705868B2 (en) Computer-implemented method for mobile authentication and corresponding computer system
CN106134143B (en) Method, apparatus and system for dynamic network access-in management
CN204948095U (en) Authenticate device and the mutual system guaranteeing between application program and user
US8402518B2 (en) Secure management of authentication information
US7610390B2 (en) Distributed network identity
JP4503143B2 (en) Electronic ticket system, service server and mobile terminal
DE60027971T2 (en) Single sign-on to a network system that includes several separately controllable resources with limited access
JP5700108B2 (en) Thin client-server system, thin client terminal, data management method, and computer-readable recording medium
CA2871049C (en) Abstracted and randomized one-time passwords for transactional authentication
KR101584510B1 (en) Method for reading attributes from an id token
RU2332807C2 (en) Method of quick registration for authentication of user and payment performance using two different communication channels and system therefor
KR101468977B1 (en) Method and system for authentication using a mobile device
US8261334B2 (en) System for performing web authentication of a user by proxy
US20140230020A1 (en) Authorization server and client apparatus, server cooperative system, and token management method
EP2314046B1 (en) Credential management system and method
CN102346832B (en) Enhanced security for electronic communications
EP1015985B1 (en) Method and apparatus for providing physical security for a user account and providing access to the user&#39;s environment and preferences
JP5711430B2 (en) ID authentication management apparatus and method
KR101729633B1 (en) Apparatus and method for sharing contents of social network service in communicatino system
JP4759198B2 (en) Service providing apparatuses that allow other apparatuses to access unique information recorded on a portable recording medium in which unique information is recorded, methods thereof, and the recording medium.
US9373110B2 (en) Information processing apparatus, information processing method, program, and information processing system
JP4782986B2 (en) Single sign-on on the Internet using public key cryptography
US8707048B2 (en) Dynamic pattern insertion layer

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20071003

A711 Notification of change in applicant

Free format text: JAPANESE INTERMEDIATE CODE: A711

Effective date: 20100427

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A821

Effective date: 20100427

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20101104

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20101111

A601 Written request for extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A601

Effective date: 20110106

A602 Written permission of extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A602

Effective date: 20110112

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20110210

A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20110303

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20110329

R150 Certificate of patent or registration of utility model

Free format text: JAPANESE INTERMEDIATE CODE: R150

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20140408

Year of fee payment: 3

S531 Written request for registration of change of domicile

Free format text: JAPANESE INTERMEDIATE CODE: R313531

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20140408

Year of fee payment: 3

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

LAPS Cancellation because of no payment of annual fees