JP2006185088A - Authentication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent the generation of wiretapping in an authentication system to be used when a provider provides service to a user by displaying a specific code and an explanation on the screen of a user side terminal to enable the user to easily recognize that the information is transmitted from an authentic provider and allowing the provider to authenticate the specific code and terminal information also in each information reception to provide service to the authentic user. <P>SOLUTION: The authentication system is provided with: a means for optionally extracting user's information and the information of a provider for providing service by referring to a table and preparing a specific code which is different in each login on the basis of these extracted information; a means for transmitting the prepared specific code and its explanation and provider's service providing information to the user side to display these data on a screen; and a means for checking whether the user is authentic or not on the basis of the added specific code in receiving information to which the specific code is added from the user side, and when the user is authentic, transmitting requested service through a network. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an authentication system when a provider provides a service to a user.

  Conventionally, when a user accesses an operator's web server, the homepage of the operator is downloaded, a login screen is displayed on the screen of the user's terminal, and a user ID and password are input on the login screen. Then, the user ID and password registered in advance on the web server side are checked, and login is permitted when OK. Thereafter, the user downloads a related screen and displays it on the terminal screen to receive various services.

In addition, there is a technique in which a user's physiological characteristics (fingerprint, voice pattern, iris pattern, retina pattern, etc.) are used to authenticate a user (Patent Document 1).
JP 2002-373153 A

  As described above, conventionally, in order for a user to receive various services from a business operator, a user inputs a physiological characteristic such as a user ID, a password, or a fingerprint on a login screen and collates with a registered one. In the case of OK, a corresponding screen for receiving service provision is displayed on the terminal, and various services are requested and received on the screen. For this reason, when you select a service item that you want to receive on the screen, the selected destination screen is displayed, but the user can know whether the selected destination screen is a genuine business operator's screen. However, there was a problem that it was uneasy for the user. In particular, when personal information is registered with a business operator on the screen or referenced from the screen, there is a problem that there is no way to confirm whether the selected destination screen is a genuine business operator's screen. is there.

  In order to solve these problems, the present invention registers personal information of a user and information of a business operator in a table on the business operator side, and after user authentication at the time of user login, the business operator side identifies the user and business operator from the table. Take out arbitrary information and create a different specific code for each login based on these information, display the specific code and its description on the screen on the user side, and recognize that it is information from a genuine business operator In addition, it is possible to prevent eavesdropping by providing a service by authenticating terminal information such as a specific code for each information reception and further, if necessary, the user side IP address, MAC address, etc. It is an object.

  The invention of the present application adds a specific code and its description on the screen of the terminal on the user side and makes it easy to recognize that the information is from a genuine business operator. Furthermore, it is possible to prevent eavesdropping by authenticating terminal information and providing services only to authentic users.

  The present invention registers personal information of a user and information of a business operator in a table on the business operator side, and after user authentication at the time of user login, takes out any information on the user and business operator from the table on the business operator side. A different specific code is created for each login, and the specific code and its description are displayed on the screen on the user side, making it easy to recognize that the information is from a genuine business operator. In this case, it is possible to prevent eavesdropping by providing a service by authenticating terminal information such as a specific code every time information is received and, if necessary, the user's IP address and MAC address.

FIG. 1 shows a system configuration diagram of the present invention.
In FIG. 1, a server 1 performs various processes according to a program. Here, the server 1 is a server provided on the business side, and includes a user registration unit 2, a specific code generation unit 3, a check unit 4, and a user information table 5. The service provider information table 6 and the sub-authentication information table 7 are included.

  The user registration means 2 allows the user to operate the terminal 12 and input the user ID, password, biometrics information (identity information of the user such as fingerprint, retina, vein, etc.) from the registration screen, etc. It is registered in the table 5 (see FIGS. 2 and 6A).

  The specific code generation means 3 generates a specific code based on arbitrary information of the user and arbitrary information of the business (see FIG. 3).

  The check means 4 checks the authenticity of the user based on the specific code, IP address, MAC address, etc. in the information received from the user.

  The user information table 5 registers and manages user information (information such as user ID, password, biometric information, and mail address) (see FIG. 6A).

  The business operator information table 6 registers information on business operators that provide services (business name, biometrics information (representing business operators or biometrics information of a specific person), e-mail address, IP address, etc.). (See FIG. 6B).

  The sub-authentication information table 7 registers sub-information for authenticating the user (for example, information such as IP address, MAC address, terminal ID, terminal CPU ID, etc.) (pre-registered or acquired and registered at the time of login and logged out) (Sometimes discarded) and managed.

  The web server 10 is a server that provides a known web to a large number of terminals 12 via a network, and the information on the corresponding page based on the web data 11 is transferred to the browser in the user terminal 12 via the network. Download and display on the screen, or when a URL is selected on the displayed browser screen, the URL linked to the selected location is received and the URL screen is downloaded to the browser of the terminal 12 Displayed on the screen. Here, the web server 10 is configured to cooperate with the server (operator) 1.

  The web data 11 is created and registered in advance with screen information (such as text information described in the HTML language for display as a screen) associated with the home page and the corresponding URL.

  The terminal 12 is a user terminal, which is a terminal such as a PC (personal computer), a mobile phone (mobile terminal), or a PDA, and is connected to the web server 10 via the network 13 to provide various services. It is a terminal for receiving.

  Next, in accordance with the order of the flowchart of FIG. 2, the procedure when the user operates the terminal 12 and registers in the server (business operator) 1 under the configuration of FIG. 1 will be described in detail.

  FIG. 2 shows an operation explanation flowchart (registration) of the present invention. Here, the terminal (user) 12 and the server (business operator) 1 correspond to the corresponding terminal (user) 12 and server (business operator) 1 in FIG. As shown in FIG. 1, there is a web server 10 between the terminal (user) 12 and the server (business operator) 1, but since the web server 10 is publicly known, the following is omitted from the drawing ( Add a description if necessary).

  In FIG. 2, the screen is displayed in S1. In this case, the user operates the browser of the terminal 12, accesses the home page (URL) of the web server 10 via the network, downloads the screen information of the home page, and displays it on the browser screen.

  In S2, a registration screen is selected. The user selects the user registration screen from the menu displayed on the browser screen of the terminal 12 in S1.

  Input in S3. In response to the user selecting the user registration screen from the menu in S2, the URL server linked to the user registration screen of the selected menu is requested from the web server 10 via the network. Download and display the user registration screen (see (a) of FIG. 5) on the browser of the terminal 12, and input the following user information described in the figure on the user registration screen (it is not necessary to input all) Enter what you need).

·mail address:
・ Biometric information:
·fingerprint
·vein:
・ Iris / Retina:
・ User ID:
·password:
In step S4, user information is received.

  In S5, registration is performed. These S4 and S5 correspond to the fact that the user input the above-mentioned user information on the user registration screen of FIG. 5A displayed on the browser of the terminal 12 in S3 and the registration button is registered. 13. Notify the server (operator) 1 via the web server 10 and the user registration means 2 constituting the server (operator) 1 checks and confirms that the same user ID is not present or the password is appropriate. When the character string and the number of characters are checked and the result is OK), it is registered in the user information table 5 (see FIG. 6A). Then, a message to the effect of registration is transmitted to the user terminal 12 via the network 13.

  In S6, a message is displayed. This displays a registration completion message transmitted from the web server 10 via the network 13. And it ends.

  Through the above procedure, the user accesses the home page of the web server 10 on the browser of the terminal 12 via the network 13, displays the screen on the browser, selects the user registration screen from the menu on the screen, and The user registration screen is displayed, the user information is input and transmitted, and the user information can be registered in the user information table 5 ((a) of FIG. 6) of the server (business operator) 1.

  Next, according to the order of the flowchart of FIG. 3, the operation of authentication when the user receives provision of service from the operator with the configuration of FIG. 1 will be described in detail.

FIG. 3 is a flowchart for explaining the operation of the present invention (authentication).
In FIG. 3, the screen is displayed in S11. In this case, the user operates the browser of the terminal 12, accesses the home page (URL) of the web server 10 via the network, downloads the screen information of the home page, and displays it on the browser screen.

  In S12, a login screen is selected. This is because the user selects a login screen from the menu displayed on the browser screen of the terminal 12 in S11.

  At S13, input is performed. In response to the user selecting a login screen from the menu in S12, the URL screen linked to the login screen of the selected menu is requested to the web server 10 via the network and downloaded. The login screen is displayed on the browser of the terminal 12, and information (information for authenticating the user himself (for example, user ID, password, and biometric information)) is input on the login screen.

  In S14, the server (business operator) 1 receives the information. This is because the information (for example, user ID, password, byte metrics information) input from the login screen displayed on the browser of the terminal 12 by the user in S13 and the information (CPU ID, mobile phone information) of the terminal 12 are included. SID (subscriber ID)) and address information (IP address, MAC address) of the terminal 12 are received by the web server 10, and the server (business operator) 1 receives these information from the web server 10.

  In S15, the user's “unique value” is selected. This is based on the user ID, password, and biometric information in the information received in S14, and refers to the user information table 5 in FIG. 6A to find a matching entry and authenticate the user. After performing, in addition to the user entry information (email address, biometrics information), the user terminal 12 information acquired at the time of login (if the terminal 12 is a PC, the MAC address, IP address, CPU ID, terminal 12 If the mobile phone (mobile terminal) is a terminal ID (such as SID), and if the terminal 12 is a PDA (CPU ID), one or more random numbers are selected (see FIG. 7). .

  In S16, the “unique value” of the business operator is selected. As in S15, one or more random numbers are selected from the provider information (IP address, mail address, biometrics information such as representative and administrator) (see FIG. 7).

  In S17, a specific code is created based on both information. This is a combination of the “eigenvalue” of the user selected in S15 and the “eigenvalue” of the operator selected in S16 (for example, combining both), and compressing (see FIG. 4) when the number of bytes is large. Create a specific code. At the same time, the explanation of the specific code (how to use the specific code, and the screen to which the specific code is assigned is provided by, for example, a genuine A operator, and is displayed on the screen with the trust of the user. A description that the displayed information can be trusted, or that the user's personal information (secret) can be input and transmitted from the screen is created.

  In S18, it is sent. This is because the specific code generating means 3 of the server (operator) 1 created the specific code in the procedure from S14 to S18, and the created specific code is sent to the terminal 12 (from the server (business operator) 1 to the web The server 10 is notified, and the web server 10 sends it to the browser screen of the terminal 12 via the network).

  In S19, it is displayed. In this case, the specific code and the description thereof are displayed on the browser screen of the terminal 12 received in S18 (see (b) of FIG. 5).

  At S20, input. This is provided by a provider who can trust the information on the screen with the specific code and the description on the screen displayed on the browser of the terminal 12, for example, the screen of FIG. 5B described later. Recognize that there is, select and input a specific code, and request the screen information of the URL linked to the specific code. When the process is to be ended, an end button is selected and input from the screen.

  In S21, it is determined whether or not the process is finished. In step S20, it is determined whether the end button is selected and input. In the case of YES, end transmission is performed in S22, the transaction is terminated in S23 (the transaction started at the time of login is terminated), an end screen is displayed in S24, and a series of processes is terminated. On the other hand, in the case of NO in S21, it is determined whether or not there is a URL instruction in S31. In the case of YES, the URL and the specific code, and the IP address and MAC address of the terminal 12 (SID for a mobile phone / mobile terminal) , The ID of the CPU in the case of a PDA) is transmitted to the web server 10 and further to the server (operator) 1 via the network 13.

  In S32, it receives. This receives the information (URL, specific code, and information on the terminal 12) transmitted in S31.

  In S33, it is determined whether the time is up. This is to determine whether or not a predetermined time for determining type up has elapsed since the last reception. In the case of YES, since it is found that the type is up, a transaction end notification is transmitted. If NO, the process proceeds to S34.

  In S34, the specific code is matched. This is determined by matching with the specific code sent to the terminal 12 in S18. In the case of OK, since it matches the specific code uniquely created for the user and the business operator that is different for each login, the service request from the authentic user is found. To S35, S37, or S38.

    If the terminal 12 of the user who requested the service is a PC (personal computer), when the server (operator) 1 receives the service request in S18, the IP address and MAC from the PC that is the terminal 12 are also received. Since the address is received, the IP address and MAC address are matched in S35 and S36 (matching is performed to match the IP address and MAC address of the PC obtained at the time of login in S14), and both are matched. Sometimes OK (determined that it is the same PC (same terminal 12) as the PC 12 that was the terminal 12 at the time of login in S14), that is, the specific code from another PC that intercepted the specific code was given It determines with it not being a service provision request | requirement, and progresses to S39.

    When the terminal 12 of the user who requested the service is a PDA, when the server (operator) 1 receives the service request in S18, the CPU ID is received from the PDA that is the terminal 12 together. , The CPU ID is matched in S37 (matching is performed to match the CPU ID of the PDA acquired at the time of login in S14), and when matched, OK (the PDA that is the terminal 12 at the time of login in S14) It is determined that they are the same PDA (the same terminal 12)), that is, it is not a service provision request to which the specific code is given from another PDA that has intercepted the specific code, and the process proceeds to S39.

    When the terminal 12 of the user who requested the service is a mobile phone / portable terminal, when the server (business operator) 1 receives the service request in S18, the mobile phone / mobile terminal that is the terminal 12 also receives the SID. SID matching is performed at S38 (matching is performed to match the SID of the mobile phone / portable terminal acquired at the time of login at S14). Mobile phone / mobile terminal 12 and the same mobile phone / mobile terminal (same terminal 12)), that is, the specific code from another mobile phone / mobile terminal that intercepts the specific code. It determines with it not being the provided service provision request | requirement, and progresses to S39.

  In S39, the transmission is performed. This is determined as a service request from a genuine user when a different specific code is received for each login in S34, and in S35 and S36, or S37, or S38, the authentic terminal 12 (the current transaction start and Since the service request from the terminal 12) at the time of login is determined, the requested service is transmitted. For example, information referring to a DB (database) not shown is transmitted to the browser of the user terminal 12 as necessary.

  In S40, the screen is displayed. This is because the information transmitted in S39 is displayed on the browser screen of the user's terminal 12, for example, as shown in FIG. 5 (c), a specific code, a business menu, and (d) in FIG. ), The specific code and the medical details screen selected on the business menu of FIG. 5C are displayed. Here, it is possible to always display the specific code on the upper right of the screen and always clearly indicate that the specific provider is providing it, thereby giving the user a sense of reliability and security. And it returns to S20 and repeats.

As described above, when a user logs in, a specific code is created based on one or more random numbers selected from the user's information and the service provider's information for each login, and at the time of login Information (IP address, MAC address for PC, SID for mobile phone / mobile terminal, CPU ID for PDA) is stored (stored in sub-authentication information table 7). When there is a service request given a specific code from the user, a check is made based on the specific code that is different for each login and the information of the terminal 12 stored at the time of login (check from S33 to S38). By sending service information to users and providing
-Since the user side always displays a specific code (and description thereof if necessary) on the screen of the terminal 12 (see (b) to (d) of FIG. 5), the user can trust the information on the screen. It is possible to always recognize on the screen that it has been provided by a mobile operator, and to view information with confidence and peace of mind, and to enter and transmit personal confidential information from the screen,
-The server (operator) 1 side checks each time a service request is received based on a specific code created from the user information and the operator information, which is different for each login. 12 information is stored, the identity of the terminal 12 is checked every time a service request is received, and a service request from an unauthorized person can be prevented.

  FIG. 4 shows an operation explanation flowchart (compression) of the present invention. FIG. 4 is a detailed process flowchart from S15 to S17 of FIG. 3 described above.

In FIG. 4, in S51, all / part of the following “eigenvalues” are received. This is as information on the target user and operator to be selected when creating a specific code in S15 and S16 of FIG.
(1) IP address (2) Email address (3) Biometrics information (4) Terminal ID
Receive all or part of the information.

  In S52, 1. From the received information, the “unique value” used to create the “specific code” of the user is selected.

2. Select the “unique value” of the operator.
With these S51 and S52, one or more of user information (information registered in the user information table 5 in FIG. 6A) is selected (for example, selected with a random number), and a business operator is selected. This means that one or more of the information (information registered in the provider information table 6 of FIG. 6B) can be selected (for example, selected with a random number).

  In S53, two sets of “unique values” are combined to create a “specific code”. This is a specific code by combining (for example, combining) the “unique value” of the user selected in S51 and S52 and the “unique value” of the operator.

  In S54, it is determined whether the “specific code” is 32 bytes or more. If YES, the process proceeds to S56. In the case of NO, a “specific code” is created in hexadecimal in S55, that is, the specific code combined in S53 is converted into a “specific code” expressed in hexadecimal and compressed.

  In S56, it is determined whether the “specific code” is 64 bytes or more. If YES, the process proceeds to S58. In the case of NO, a “specific code” is created in S32 in S57, that is, the specific code combined in S53 is converted into a “specific code” expressed in 32 and compressed.

S58 determines whether the “specific code” is 128 bytes or more. In the case of NO, a “specific code” is created in S59 in 64 notation, that is, the specific code combined in S53 is converted into “specific code” expressed in 64 notation and compressed. In the case of YES, an n-adic system suitable for the specific code length is selected in S60, and a “specific code” is created and compressed.

  As described above, one or two random numbers are selected and combined from user information and business operator information to create a specific code, and when the size is large, a specific code having an appropriate size is generated by compression. It becomes possible.

  FIG. 5 shows an example screen of the present invention. This shows an example of a screen displayed on the user terminal 12.

  FIG. 5A shows an example of a user registration screen. The user registration screen is an example of the user registration screen displayed on the terminal 12 in S3 of FIG. 2 described above. Here, the following information shown in the figure is input, and the user information table 5 of the server (business operator) 1 is input. It is for registering.

·mail address:
・ User ID:
·password:
・ Biometric information:
Here, the mail address is the user's mail address. The user ID is an ID that uniquely represents the user, and is an ID that is input by the user or uniquely determined by the server (operator) 1 for the user. The password is a password (the number of digits within a predetermined range made up of numbers, characters, symbols, etc.) that the user arbitrarily decides and inputs. The biometric information is user biometric information, and is a part for inputting information such as a fingerprint, a vein, and an iris / retina from an input device (not shown).

  After inputting the necessary information, when the registration button on the screen is pressed with the mouse, the server (operator) 1 checks and is registered in the user information table 5 when OK.

  FIG. 5B shows an example of a specific code confirmation screen. The specific code confirmation screen is displayed on the user terminal 12 in S19 of FIG. 3 described above, and displays the following information shown in the figure.

・ Specific code:
・ Description of specific code:
Here, “*******” on the right side of the specific code is a specific code generated by selecting one or more of the user information and the operator information (or after further compression) Specific code), which represents the user who requested the service and the provider providing the service (information) on the displayed screen (code). The user can always recognize whether the above information is provided, and the reliability and security of the information can be ensured. Further, in the description column of the specific code in the lower row, the specific code is described, and description of a reliable business operator and the usage method of the specific code are described. Among these, since the specific code is linked with the URL to the business screen of the business operator determined by the specific code, when the specific code is clicked with the mouse, the business screen of the business operator is displayed. For example, FIG. The screen (b) is displayed on the user terminal 12.

  FIG. 5C shows an example of the business screen moved in response to the user selecting a specific code with the mouse on the specific code confirmation screen of FIG. 5B. On the business screen shown in the figure, a specific code is always displayed on the upper right so that a business operator who provides information on the current business screen can check. When the medical care is further clicked with the mouse in the menu on the business screen, the screen transitions to the screen shown in FIG. 5D, which is a screen of the URL linked to the “medical care” (web of the web server 10). The URL screen is downloaded from the data 11 and displayed on the terminal 12).

  FIG. 5D shows an example of a medical work screen. This shows an example of the business screen (medical) after selecting “medical” from the menu on the business screen in FIG. Similarly, in the upper right of this business screen (medical), a specific code representing the business operator and the user providing the information on the screen is always displayed, and the information screen provided by the business operator is displayed. It is possible to recognize information, refer to the information with confidence and peace of mind, and to input and transmit personal information as necessary.

FIG. 6 shows an example table of the present invention.
FIG. 6A shows an example of a user information table. The user information table 5 registers and manages user information. Here, the user information table 5 registers and manages the following information shown in FIG.

・ ID:
·User name:
·password:
・ Biometric information:
·mail address:
・ Other:
Here, the ID is a unique ID representing the user. The user name is a name representing the user. The password is a unique password determined by the user for performing user authentication. The byte metric information is user's biological information (for example, user's own information such as fingerprint, vein, iris / retina). The email address is the user's email address. Others are other information of the user, such as a unique telephone number.

  As described above, by registering the user information in association with the user (ID), as described above, one or more are selected by random numbers and combined with the information of the business operator described later. It becomes possible to easily create a specific code unique to each user (further, a different business operator) that is different for each login.

  FIG. 6B shows an example of the business operator information table. The business operator information table 6 registers and manages business operator information. Here, the business enterprise information table 6 registers and manages the following information shown in association with each other.

・ ID:
・ Company name:
・ Biometric information:
·mail address:
・ IP address:
・ Other:
Here, the ID is a unique ID representing a business operator. The business name is a name representing the business. The biometric information is biometric information (for example, information on a business operator such as a fingerprint, a vein, and an iris / retina) of a business operator (representative or manager of the business operator). The email address is the email address of the operator. The IP address is an IP address of a business server. Others are other information of the business operator, such as a unique telephone number.

  As described above, by registering the business operator information in association with the business operator (ID), as described above, one or more are selected by random numbers and combined with the above-described user information. Thus, it is possible to easily create a specific code unique to each business operator (and user) that is different for each login.

FIG. 7 shows an explanatory diagram of the present invention.
FIG. 7A shows an example of information used by the server (operator) 1 of FIG. 1 to create a specific code on the operator side and the user side when accessing (login) from the user. The illustrated example shows an example of information to be used when a personal information provider is taken as an example of a business and a personal information provider is taken as an example of a user.

  Here, the upper part represents the information of the operator (IP address, mail address, byte metrics information), and the left side represents the information of the user (information for each PC.PDA, mobile phone (mobile phone / mobile terminal)). In the figure, ◯ is a value that can always be used, Δ is a value that may change, for example, a value that is used in accordance with a user's instruction, and × is a value that is not used for the first access (at the time of login).

  (A-1) in FIG. 7 represents the first access (at the first login), and (a-2) in FIG. 7 represents the second and subsequent accesses.

FIG. 7B shows an outline of a procedure for creating a specific code.
In FIG. 7B, the eigenvalue (for example, biometric information) of the personal information provider is acquired in S61 and S62.

  In S63 and S64, a unique value (for example, IP address) of the personal information provider is acquired.

  In S65 and S66, the code generation application of the present invention (specific code generation means 3 in FIG. 1) is activated to generate a specific code (see FIG. 4 described above).

  As described above, a specific code is created based on one or more random numbers selected from user (personal information provider) information and business operator (personal information provider) information. Is possible.

(Appendix 1)
In the authentication system when a provider provides services to users,
A table for registering user information and business operator information in advance;
When the user logs in via the network, the user information and the service provider information provided by the service are arbitrarily extracted with reference to the table, and the user information and the service provider information are extracted. To create a different specific code for each login,
Means for transmitting the created specific code and, if necessary, the description of the service provider's service provision information to the user side via the network and displaying it on the screen;
When the information to which the specific code is added from the user side is received via the network, the user checks whether it is authentic based on the added specific code, An authentication system comprising means for transmitting via a network. (1)
(Appendix 2)
The authentication system according to claim 1, wherein at the time of login, user authentication is performed based on a user ID, a password, and, if necessary, physiological characteristics of the user.

(Appendix 3)
The authentication system according to Supplementary Note 1 or Supplementary Note 2, wherein the user is checked for authenticity based on one or more of the specific code and the IP address, MAC address, and terminal ID of the user terminal. (2)
(Appendix 4)
Any one of appendix 1 to appendix 3, wherein the specific code generated based on the extracted user information and business operator information is compressed when the size is large, and the specific code with a reduced size is generated. The authentication system described in Crab

(Appendix 5)
When the information on which the specific code displayed on the screen of the user's terminal is selected is received via the network, the URL screen information linked to the specific code is transmitted via the network. The authentication system according to any one of appendix 1 to appendix 4, wherein the authentication system is displayed on the screen of the terminal. (3)

  The present invention displays a specific code and its description added on the screen of the terminal on the user side so that it is easy to recognize that the information is from a genuine business operator. Furthermore, it is possible to prevent eavesdropping by authenticating terminal information and providing services only to authentic users.

It is a system configuration diagram of the present invention. It is operation | movement description flowchart (registration) of this invention. It is operation | movement description flowchart (authentication) of this invention. It is operation | movement description flowchart (compression) of this invention. It is an example of a screen of the present invention. It is an example table of this invention. It is explanatory drawing of this invention.

Explanation of symbols

1: Server (operator)
2: User registration means 3: Specific code generation means 4: Check means 5: User information table 6: Provider information table 7: Sub-authentication information table 10: Web server 11: Web data 12: Terminal (user)
13: Network

Claims (3)

In the authentication system when a provider provides services to users,
A table for registering user information and business operator information in advance;
When the user logs in via the network, the user information and the service provider information provided by the service are arbitrarily extracted with reference to the table, and the user information and the service provider information are extracted. To create a different specific code for each login,
Means for transmitting the created specific code and, if necessary, the description of the service provider's service provision information to the user side via the network and displaying it on the screen;
When the information to which the specific code is added from the user side is received via the network, the user checks whether it is authentic based on the added specific code, An authentication system comprising means for transmitting via a network.   2. The authentication system according to claim 1, wherein the authentication is performed based on one or more of the specific code and the IP address, MAC address, and terminal ID of the terminal on the user side.   When the information on which the specific code displayed on the screen of the user's terminal is selected is received via the network, the URL screen information linked to the specific code is transmitted via the network. 3. The authentication system according to claim 1, wherein the authentication system is displayed on the screen of the terminal.

Images