JP2008027055A - Authentication system, authentication computer, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a personal authentication system of high safety and convenience. <P>SOLUTION: The personal authentication system comprises a plurality of client computers, a plurality of telephones, and an authentication computer. On receiving user's specific information from the client computer, the authentication computer specifies a telephone number of the telephone corresponding to the received user's specific information, informs the telephone of the telephone number that can be received by the authentication computer as the telephone number for recognition, receives the arrival of the dial from the telephone, specifies the originator telephone number and arrival telephone number from the arrival dial, and determines whether the correspondence of the specified originator telephone number to the specified arrival telephone number matches with the correspondence of the telephone number of the telephone to the telephone number for recognition. When two correspondences are determined to match with each other, it is determined that the client computer as the transmitting origin of the user's peculiar information is operated by a valid user. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

The present invention relates to an authentication system, an authentication computer, and a program.

Conventionally, a combination of a user ID and a password is known as personal authentication when a user is specified and a service is provided. For example, a person who logs in to a WEB site via the Internet inputs a user ID and a password according to a WEB screen displayed on a personal computer to be operated, and transmits an authentication request to the WEB server. In addition, when a user of a financial institution withdraws a deposit at the ATM of the financial institution, a cash card is inserted into the ATM, a personal identification number is input, and an authentication request is transmitted to the authentication server. The user ID in this case is a cash card.

However, the user of the WEB site has the trouble of inputting the user ID and password according to the screen of the WEB site. In addition, this authentication method is widely used, and is adopted in Internet banking and various electronic commerce WEB sites. For this reason, user IDs and passwords to be managed by one person are increasing. If the user of the WEB site forgets the user ID or password, it is necessary to inquire the user of the user ID or password to the site operator, and the user cannot enjoy the convenience of the WEB site. Further, impersonation in which a person who is not an original user gives up a user ID and a password and performs a transaction has become a social problem. Phishing and spyware are known as means for giving up the user ID and password. Phishing is an act of providing a pseudo site that looks just like a regular WEB site, allowing the original user to input a user ID and password, and giving up the user ID and password. Spyware is software that is installed without the knowledge of the user of the personal computer, and is software that reads various user IDs and passwords input by the user and notifies the server of the eavesdropper via the Internet. When a transaction by impersonation is established by Internet banking or electronic commerce, not only the original user but also the WEB site operator will suffer serious damage due to the loss of site reliability and compensation problems.

When a user of a financial institution withdraws a deposit at the ATM of the financial institution, it is troublesome to insert a cash card into the ATM and input a personal identification number. Further, when a personal identification number is voyeurized by a voyeur camera and a cash card is stolen, a deposit is withdrawn by an impersonating user. Banks as well as depositors are severely damaged by the loss of reliability and compensation issues.

Patent Document 1 discloses a personal authentication method for authenticating a user by inputting a user ID and a password to the WEB site and dialing a specific telephone number when the user of the WEB site is authenticated.

Patent Document 2 discloses a personal authentication method for authenticating a user by inputting a telephone number as a user ID into the WEB site and dialing a specific telephone number when the user of the WEB site is authenticated. Yes.
Patent Publication 2002-229951 Patent Publication No. 2004-213440

According to the technique of Patent Document 1, impersonation can be prevented even when a user ID and a password are complied for using a caller telephone number. Further, according to the technique of Patent Document 2, impersonation can be prevented even when a spoofed telephone number is input to a WEB site in order to use a caller telephone number. However, the techniques of Patent Literature 1 and Patent Literature 2 cannot accurately grasp the correspondence between the user who dials with the caller telephone number notification and the computer operated by the user. For this reason, the techniques of Patent Document 1 and Patent Document 2 cannot provide authentication with high safety and convenience. For example, in the techniques of Patent Document 1 and Patent Document 2, a person who is not an original user may impersonate the legitimate user by inputting the user ID of the legitimate user many times. Specifically, if a legitimate user authenticates by dialing a specific telephone number and then redials the specific telephone number by mistake, the person who is not the original user is authenticated as a legitimate user. It will be.

The present invention has been made in view of the above-described problems, and an object thereof is to provide a personal authentication system with high safety and convenience.

A plurality of client computers having a processor, a memory and an interface, a plurality of telephones for dialing with caller ID notification, and an authentication having a processor, a memory and an interface and connected to the plurality of client computers via a network An authentication system comprising: a computer, wherein the authentication computer stores user management information indicating correspondence between user-specific information and the telephone number of the telephone owned by the user; Upon receipt of the unique information, the telephone number of the telephone corresponding to the received unique information of the user is identified based on the user management information, and the authentication computer can identify the telephone number that can be received before. Check the phone number not associated with any phone number Selecting as a telephone number, storing the telephone number of the identified telephone and the selected confirmation telephone number in association with each other, notifying the telephone of the selected confirmation telephone number, A dial incoming call is received from the telephone, a caller telephone number and an incoming telephone number are identified from the incoming dial, and the correspondence between the identified caller telephone number and the identified incoming telephone number is stored. It is determined whether or not the correspondence between the telephone number of the current telephone and the confirmation telephone number matches, and if it is determined that the two correspondences match, the client computer that is the transmission source of the user's unique information is It is characterized by determining that it is operated by a legitimate user.

A plurality of client computers having a processor, a memory and an interface; a plurality of telephones for dialing with caller ID notification; and a processor, a memory and an interface, connected to the plurality of client computers via a network. An authentication system comprising: an authentication computer comprising: user management information indicating correspondence between user-specific information and a telephone number of the telephone owned by the user; and from the client computer Upon receiving the user's unique information, the telephone number that is not associated with any of the previously received user's unique information is selected as the confirmation telephone number among the telephone numbers that can be received by the authentication computer. , The received user specific information and the selected confirmation phone number, Corresponding and storing, notifying the selected telephone number for confirmation to the telephone, receiving a dial incoming from the telephone, identifying the caller telephone number and the incoming telephone number from the incoming dial, Identifying user-specific information corresponding to the specified caller telephone number based on the user management information, correspondence between the specified user-specific information and the specified incoming telephone number; It is determined whether or not the correspondence between the stored user's unique information and the confirmation telephone number matches, and if the two correspondences match, it is the transmission source of the user's unique information It is determined that the client computer is operated by a legitimate user.

In addition, a plurality of client computers having a processor, a memory and an interface, a plurality of telephones for dialing with caller ID notification, a processor, a memory and an interface are connected to the plurality of client computers via a network. An authentication system comprising: an authentication computer comprising: user management information including correspondence between user-specific information and the telephone number of the telephone owned by the user; and from the client computer Upon receipt of the user's unique information, a phone number that is not associated with any of the previously received user's unique information is selected as a confirmation phone number from among the phone numbers that can be received by the authentication computer. , The received user specific information and the selected confirmation phone number, Corresponding information is stored in the confirmation telephone number correspondence information, the selected confirmation telephone number is notified to the telephone, a dial incoming call is received from the telephone, and the caller telephone number and the incoming call are received from the received dial. A phone number is specified, and based on the confirmation phone number correspondence information, user specific information corresponding to the specified incoming phone number is specified, and the specified user specific information and the specified information are specified. It is determined whether or not the correspondence between the caller telephone number and the correspondence between the user's unique information included in the user management information and the telephone number of the telephone owned by the user are the same. An authentication system characterized in that, when it is determined that they match, it is determined that the client computer that is the transmission source of the user's unique information is operated by a legitimate user.

According to the exemplary embodiment of the present invention, the safety and convenience of the personal authentication system can be improved.

Embodiments of the present invention will be described with reference to the drawings. Note that a general-purpose embodiment of the present invention will be described as the first embodiment. Next, as the second embodiment, a specific embodiment in which the first embodiment is used for a WEB site will be described. Next, as the third embodiment, a specific embodiment for easily introducing the second embodiment into an existing WEB server will be described. Next, as the fourth embodiment, a specific embodiment in which the third embodiment is used for Internet credit card settlement will be described. Next, as a fifth embodiment, a specific embodiment in which the first embodiment is used for an ATM of a financial institution will be described. Next, as a sixth embodiment, a specific embodiment in which the first embodiment is used for credit card payment at a store will be described. Next, as the seventh embodiment, a specific embodiment in which the first embodiment is used for connection to an in-house intranet will be described. Next, as an eighth embodiment, a specific embodiment in which the first embodiment is used for connecting a thin client to a centralized server will be described. Next, a specific embodiment in which the first embodiment is used for public wireless LAN connection will be described as a ninth embodiment.

(First embodiment)
FIG. 1 is a schematic configuration diagram of a personal authentication system according to the first embodiment. The personal authentication system shown in FIG. 1 includes a client device 8010, a mobile phone 8060, a fixed phone 8080, and a dial authentication device 804. The client device 8010 is a computer operated by a user who is going to be authenticated. The client device 8010 is connected to the network 9. Details of the client device 8010 will be described with reference to FIG. The network 9 may be the Internet or an internal network. The cellular phone 8060 and the fixed phone 8080 are telephones that transmit a dial accompanied by a caller telephone number notification when operated by a user. The caller telephone number does not necessarily have to be a number, and may be a character as employed in the technology of ISDN (Integrated Services Digital Network) or SIP (Session Initiation Protocol). The mobile phone 8060 and the fixed phone 8080 are connected to the public switched telephone network 2. The cellular phone 8060 and the fixed phone 8080 may be IP phones. In this case, the public switched telephone line network 2 is the Internet. The dial authentication device 804 is connected to the client device 8010 via the network 9. The dial authentication device 804 is connected to the mobile phone 8060 and the fixed phone 8080 via the public switched telephone network 2. Details of the dial authentication device 804 will be described with reference to FIG. For the sake of clarity, the authentication process for one client device 8010 will be described in the personal authentication system of the first embodiment. In practice, the dial authentication device 804 authenticates a plurality of client devices 8010 via the network 9. In FIG. 1, five client devices 8010 are illustrated, but any number of personal authentication systems may be provided. In FIG. 1, two mobile phones 8060 and fixed phones 8080 are shown, but any number may be provided. The dial authentication device 804 can authenticate a plurality of client devices 8010.

FIG. 2 is a block diagram of a configuration of the client device 8010 provided in the personal authentication system according to the first embodiment. The client device 8010 is physically a computer system including a transmission / reception unit 8011, a central processing unit 8012, a main storage device 8013, an auxiliary storage device 8014, an input device (not shown), a display device (not shown), and the like. . The transmission / reception unit 8011 is an interface that is connected to the network 9 and transmits / receives data to / from an external device (dial authentication device 804). The central processing unit 8012 is, for example, a CPU. The central processing unit 8012 performs various processes by executing programs stored in the main storage device 8013. The main storage device 8013 is, for example, a memory. The main storage device 8013 stores a program executed by the central processing unit 8012, information required by the central processing unit 8012, and the like. The auxiliary storage device 8014 is, for example, a hard disk. The auxiliary storage device 8014 stores various types of information. The input device is, for example, a mouse, a keyboard, or a touch panel. Various information is input to the input device from the user. The display device is a display. On the display device, information instructed to be displayed from the central processing unit 8012 is displayed. The client device 8010 may have any form as long as it includes the transmission / reception unit 8011, the central processing unit 8012, and the main storage device 8013. For example, the client device 8010 is a personal computer, server, mobile phone, ATM, or the like.

The client device 8010 transmits user-specific information to the dial authentication device 804 in response to a user operation. The user's unique information is an identifier that uniquely identifies the user. For example, the user's unique information includes at least one of a user ID, a password, a user's biometric information, a cash card number, and a credit card number. In the description of the present embodiment, a case where the user's unique information is a user ID will be described.

The client device 8010 transmits an authentication result request to the dial authentication device 804. The authentication result request includes a connection ID. The connection ID is an identifier that uniquely identifies the connection between the client device 8010 and the dial authentication device 804. The dial authentication device 804 can process the user ID previously received from the client device 8010 in association with the authentication result request by the connection ID. Since this connection management method is a technique employed in a general WEB server, detailed description thereof is omitted. Further, even if the dial authentication device 804 is not a WEB server, a connection management method similar to that for the WEB server may be used. Note that the client device 8010 may transmit an authentication result request in response to a user operation, or may transmit an authentication result request at regular intervals.

Thereafter, the client device 8010 receives the authentication result from the dial authentication device 804.

The mobile phone 8060 or the fixed phone 8080 sends a dial with a caller phone number notification to the confirmation phone number. The confirmation telephone number will be described in detail later.

FIG. 3 is a block diagram of a configuration of the dial authentication device 804 provided in the personal authentication system of the first embodiment. The dial authentication device 804 is physically a computer system including a transmission / reception unit 8041, a central processing unit 8042, a main storage device 8043, an auxiliary storage device 8044, an input device (not shown), a display device (not shown), and the like. is there. The transmission / reception unit 8041 is an interface that is connected to the network 9 and transmits / receives data to / from external devices (client device 8010, mobile phone 8060, and fixed phone 8080). The central processing unit 8042 is, for example, a CPU. The central processing unit 8042 performs various processes by executing programs stored in the main storage device 8043. The main storage device 8043 is, for example, a memory. The main storage device 8043 stores a program executed by the central processing unit 8042, information required by the central processing unit 8042, and the like. The auxiliary storage device 8044 is, for example, a hard disk. The auxiliary storage device 8044 stores various types of information. The input device is, for example, a mouse, a keyboard, or a touch panel. Various information is input to the input device from the administrator. The display device is a display. On the display device, information instructed to be displayed by the central processing unit 8042 is displayed. The dial authentication device 804 may be in any form as long as it includes the transmission / reception unit 8041, the central processing unit 8042, and the main storage device 8043. For example, the dial authentication device 804 is a personal computer or a server.

FIG. 4 is a functional block diagram of the dial authentication device 804 according to the first embodiment. The auxiliary storage device 8044 of the dial authentication device 804 stores the authentication program 80400 of the first embodiment. When the authentication program 80400 of the first embodiment is executed, the main storage device 8043 of the dial authentication device 804 includes a main module 80431, a user ID reception module 804321, an authentication result request reception module 804322, a user information search module 80433, A confirmation telephone number selection module 80434, a confirmation telephone number transmission module 80435, a dial incoming module 80436, a telephone number reading module 80437, an authentication module 80438, and an authentication result transmission module 80439 are stored.

The main module 80431 includes a user ID reception module 804321, an authentication result request reception module 804322, a user information retrieval module 80433, a confirmation telephone number selection module 80434, a confirmation telephone number transmission module 80435, a dial incoming module 80436, and a telephone number reading module 80437. The processing of the authentication module 80438 and the authentication result transmission module 80439 is integrated.

The user ID reception module 804321 receives a user ID from the client device 8010. Next, the user ID reception module 804321 delivers the received user ID to the user information search module 80433. Then, the user ID receiving module 804321 requests a search for the user telephone number. Note that the user telephone number is the telephone number of the user identified by the user ID.

The authentication result request reception module 804322 receives an authentication result request from the client device 8010. Upon receiving the authentication result request, the authentication result request receiving module 804322 requests the authentication module 80438 for authentication.

The user information search module 80433 accepts a user ID from the user ID reception module 804321. The user information search module 80433 selects from the user management table 80442 a record in which the accepted user ID matches the user ID 804421 of the user management table 80442. The user information search module 80433 extracts the user telephone number 804422 from the selected record. In this way, the user information search module 80433 searches for the user telephone number corresponding to the accepted user ID. Details of the user management table 80442 will be described with reference to FIG. Then, the user information search module 80433 delivers the extracted user telephone number to the confirmation telephone number selection module 80434.

The confirmation telephone number selection module 80434 accepts the user telephone number from the user information retrieval module 80433. The confirmation telephone number selection module 80434 selects one telephone number from the confirmation telephone number table 80443. That is, the confirmation telephone number selection module 80434 selects a telephone number that is not assigned to any of the previously accepted user telephone numbers from among the telephone numbers that can be received by the dial authentication device 804, as a confirmation telephone number table 80443. Select from. Details of the confirmation telephone number table 80443 will be described with reference to FIG. Then, the confirmation telephone number selection module 80434 assigns the selected telephone number as the confirmation telephone number to the accepted user telephone number. Further, the confirmation telephone number selection module 80434 stores the correspondence between the accepted user telephone number and the selected confirmation telephone number in the confirmation telephone number correspondence table 80441. Details of the confirmation telephone number correspondence table 80441 will be described with reference to FIG.

FIG. 5 is a configuration diagram of the confirmation telephone number table 80443 stored in the auxiliary storage device 8044 of the dial authentication device 804. The confirmation telephone number table 80443 includes a confirmation telephone number 804431 and an allocation flag 804432. The confirmation telephone number 804431 is a telephone number that is a candidate for the confirmation telephone number. In the confirmation telephone number 804431, all telephone numbers that can be dialed by the dial authentication device 804 are stored in advance. That is, the confirmation telephone number 804431 stores all the telephone numbers assigned to the dial authentication device 804 by the operator operating the public switched telephone network 2. The assignment flag 804432 indicates whether or not the confirmation telephone number 804431 is assigned to any of the user telephone numbers. Specifically, when the confirmation telephone number 804431 is assigned to any user telephone number, “1” is stored in the assignment flag 804432. On the other hand, when the confirmation telephone number 804431 is not assigned to any of the user telephone numbers, “0” is stored in the assignment flag 804432.

FIG. 6 is a configuration diagram of the confirmation telephone number correspondence table 80441 stored in the auxiliary storage device 8044 of the dial authentication device 804. The confirmation telephone number correspondence table 80441 includes a confirmation telephone number 804441 and a user telephone number 804413. In the confirmation telephone number 804441, the telephone number selected by the confirmation telephone number selection module 80434 is stored. The user telephone number 804413 stores the user telephone number 804422 extracted by the user information search module 80433. That is, the confirmation telephone number correspondence table 80441 is assigned to the telephone number of the user among the telephone number of the user identified by the user ID received from the client apparatus 8010 and the telephone number that can be received by the dial authentication apparatus 804. Shows the correspondence with the telephone number.

Here, the confirmation telephone number selection method of the confirmation telephone number selection module 80434 will be described. There is a one-to-one correspondence between the user telephone number and the confirmation telephone number. To achieve this goal, the confirmation telephone number selection module 80434 does not select a telephone number already assigned to the user telephone number from the confirmation telephone number table 80443. The confirmation telephone number selection module 80434 selects, from the confirmation telephone number table 80443, one record in which “0” is stored in the allocation flag 804432 of the confirmation telephone number table 80443. Next, the confirmation telephone number selection module 80434 extracts the confirmation telephone number 804431 from the selected record. Further, the confirmation telephone number selection module 80434 stores “1” in the allocation flag 804432 of the selected record. Then, the confirmation telephone number selection module 80434 assigns the extracted confirmation telephone number 804431 to the user telephone number. The confirmation telephone number selection module 80434 cancels the assignment of the confirmation telephone number when a predetermined time elapses after the confirmation telephone number 804431 is assigned. Further, when the authentication for the user telephone number is completed, the confirmation telephone number selection module 80434 cancels the assignment of the confirmation telephone number to the user telephone number. Specifically, the confirmation telephone number selection module 80434 obtains a record in which the confirmation telephone number to be unassigned matches the confirmation telephone number 804412 of the confirmation telephone number correspondence table 80441, and the confirmation telephone number correspondence table 80441. Delete from. Further, the confirmation telephone number selection module 80434 selects, from the confirmation telephone number table 80443, a record in which the confirmation telephone number to be unassigned matches the confirmation telephone number 804431 in the confirmation telephone number table 80443. Next, the authentication module 80438 cancels the assignment of the confirmation telephone number by storing “0” in the assignment flag 804432 of the selected record. Then, the confirmation telephone number selection module 80434 can re-assign the telephone number that has been unassigned to a different user telephone number as the confirmation telephone number. However, the dial authentication device 804 cannot authenticate more users than the number of telephone numbers assigned by the operator of the public switched telephone network 2 within a predetermined time. This is because if all of the telephone numbers that can be received by the dial authentication device 804 are already assigned to the user telephone number, the confirmation telephone number selection module 80434 can assign the telephone number to the newly assumed user telephone number. It is not possible. Therefore, it is preferable that telephone numbers that can be received by the dial authentication device 804 are prepared in advance according to the number of services provided. Note that the confirmation telephone number selection module 80434 may select the confirmation telephone number using another method.

FIG. 7 is a configuration diagram of the user management table 80442 stored in the auxiliary storage device of the dial authentication device 804 according to the first embodiment. The user management table 80442 includes a user ID 804421 and a user telephone number 804422. A user ID 804421 is a unique identifier of a user who is authenticated by the dial authentication device 804. The user telephone number 804422 is the telephone number of the user identified by the user ID 804421. Note that the user management table 80442 may hold other information unique to the user. The user-specific information includes, for example, at least one of a user ID, a user name, a password, a credit card number, a cash card number, a user's biometric information, a schedule table, an operation history, and a deposit balance. In other words, in the user management table 80442, user-specific information is managed in correspondence with the user ID 804421. By the way, in this embodiment, a user telephone number is not used as an identifier for identifying a user. Therefore, a plurality of user IDs corresponding to one user telephone number can be registered in the user management table 80442. That is, a plurality of users can be set for one telephone number.

The user of the dial authentication device 804 of the first embodiment registers the user ID 804421 and the user telephone number 804422 in the user management table 80442 in advance by a predetermined method.

Returning now to FIG. The confirmation telephone number selection module 80434 delivers the selected confirmation telephone number and the accepted user telephone number to the confirmation telephone number transmission module 80435.

The confirmation telephone number transmission module 80435 accepts the confirmation telephone number from the confirmation telephone number selection module 80434. The confirmation telephone number transmission module 80435 notifies the cellular phone 8060 or the fixed telephone 8080 of the accepted confirmation telephone number. Specifically, the confirmation telephone number transmission module 80435 transmits a dial using the accepted confirmation telephone number as a transmission source to the accepted user telephone number. At this time, confirmation telephone number transmission module 80435 transmits a dial accompanied by a caller ID notification. Accordingly, the cellular phone 8060 or the fixed phone 8080 accepts dialing using the confirmation phone number as the caller phone number. For this reason, the mobile phone 8060 or the fixed phone 8080 can make a dial accompanied by a caller ID notification to the confirmation phone number by a simple operation of the user.

Further, the confirmation telephone number transmission module 80435 may notify the cellular phone 8060 or the fixed telephone 8080 of the accepted confirmation telephone number using an electronic mail. In this case, the user management table 80442 further includes a user mail address that is a mail address that can be received by the mobile phone 8060 or the fixed telephone 8080 owned by the user identified by the user ID 804421. The user information search module 80433 extracts the user mail address corresponding to the accepted user ID from the user management table 80442 together with the user telephone number corresponding to the accepted user ID. Then, the confirmation telephone number transmission module 80435 transmits an electronic mail including the confirmation telephone number to the mobile phone 8060 or the fixed telephone 8080. Specifically, the confirmation telephone number transmission module 80435 transmits an e-mail in which the confirmation telephone number is described in the text or subject to the user mail address extracted by the user information search module 80433. As a result, the cellular phone 8060 or the fixed phone 8080 receives an e-mail including a confirmation telephone number. For this reason, the mobile phone 8060 or the fixed phone 8080 can make a dial accompanied by a caller ID notification to the confirmation phone number by a simple operation of the user. In this case, the cellular phone 8060 or the fixed phone 8080 is equipped with an e-mail receiving function. The user mail address may be assigned to a terminal other than the mobile phone 8060 and the fixed phone 8080.

Dial incoming module 80436 accepts a dial transmitted from mobile phone 8060 or fixed phone 8080. Note that the dial incoming module 80436 may or may not place the accepted dial in a call state. Even if the dial incoming module 80436 does not place the dial in a call state, the telephone number reading module 80437 can acquire the caller telephone number and the telephone number of the incoming caller (incoming telephone number). Note that the dial incoming module 80436 may play a voice message indicating that the dial has been accepted when the dial is placed in a call state.

The telephone number reading module 80437 acquires the caller telephone number from the dial received by the dial incoming module 80436. Further, the telephone number reading module 80437 obtains the incoming telephone number from the port that received the dial. The method for acquiring the caller telephone number and the incoming telephone number of the telephone number reading module 80437 is mounted on a normal CTI server, and thus the description thereof is omitted. Subsequently, the telephone number reading module 80437 stores the acquired caller telephone number and the acquired incoming telephone number in association with each other. The correspondence between the caller telephone number and the incoming telephone number is managed by the incoming telephone number correspondence table 80444 stored in the auxiliary storage device of the dial authentication device 804. Details of the incoming telephone number correspondence table 80444 will be described with reference to FIG.

FIG. 8 is a configuration diagram of the incoming telephone number correspondence table 80444 stored in the auxiliary storage device of the dial authentication device 804. The incoming telephone number correspondence table 80444 includes an incoming telephone number 804442 and a sender telephone number 804443. The incoming telephone number 804442 stores the incoming telephone number acquired by the telephone number reading module 80437. The caller telephone number 804443 stores the caller telephone number acquired by the telephone number reading module 80437.

The authentication module 80438 receives an authentication request from the authentication result request reception module 804322. Subsequently, the authentication module 80438 selects a record related to the authentication result request from the confirmation telephone number correspondence table 80441 based on the connection ID included in the authentication result request. The authentication module 80438 extracts the confirmation telephone number 8041212 and the user telephone number 804413 from the selected record. Next, the authentication module 80438 matches the extracted confirmation telephone number 804442 with the incoming telephone number 804442 in the incoming telephone number correspondence table 80444, and the extracted user telephone number 804413 and the outgoing telephone number in the incoming telephone number correspondence table 80444 It is determined whether or not a record matching the number 804443 exists in the incoming telephone number correspondence table 80444. If the record exists in the incoming telephone number correspondence table 80444, the authentication module 80438 determines that authentication is possible. On the other hand, if the record does not exist in the incoming telephone number correspondence table 80444, the authentication module 80438 determines that authentication is not possible. The authentication module 80438 then passes the authentication result to the authentication result transmission module 80439.

Moreover, it may be as follows. Based on the connection ID included in the authentication result request, the authentication module 80438 selects a record related to the authentication result request from the confirmation telephone number correspondence table 80441. The authentication module 80438 extracts the confirmation telephone number 8041212 and the user telephone number 804413 from the selected record. Next, the authentication module 80438 selects from the incoming call number correspondence table 80444 a record in which the extracted confirmation telephone number 804441 matches the incoming call number 804442 in the incoming call number correspondence table 80444. The authentication module 80438 extracts the caller telephone number 804443 from the selected record. Next, the authentication module 80438 compares the user telephone number 804413 extracted from the confirmation telephone number correspondence table 80441 with the caller telephone number 804443 extracted from the incoming telephone number correspondence table 80444. If the user telephone number 804413 matches the caller telephone number 804443, the authentication module 80438 determines that authentication is possible. On the other hand, if the user telephone number 804413 and the caller telephone number 804443 do not match, the authentication module 80438 determines that authentication is not possible.

Moreover, it may be as follows. Based on the connection ID included in the authentication result request, the authentication module 80438 selects a record related to the authentication result request from the confirmation telephone number correspondence table 80441. The authentication module 80438 extracts the confirmation telephone number 8041212 and the user telephone number 804413 from the selected record. Next, the authentication module 80438 selects a record in which the extracted user telephone number 804413 matches the caller telephone number 804443 of the incoming telephone number correspondence table 80444 from the incoming telephone number correspondence table 80444. Next, the authentication module 80438 extracts the incoming telephone number 804442 from the selected record. Next, the authentication module 80438 compares the confirmation telephone number 804441 extracted from the confirmation telephone number correspondence table 80441 with the incoming telephone number 804442 extracted from the incoming telephone number correspondence table 80444. When the confirmation telephone number 804441 matches the incoming telephone number 804442, the authentication module 80438 determines that authentication is possible. On the other hand, if the confirmation telephone number 80412 and the incoming telephone number 804442 do not match, the authentication module 80438 determines that authentication is not possible.

In any of the cases described above, the authentication module 80438 determines whether the correspondence between the caller telephone number 804443 and the incoming telephone number 804442 matches the correspondence between the user telephone number 804413 and the confirmation telephone number 804441. Judging. If the two correspondences match, the authentication module 80438 determines that authentication is possible. That is, the authentication module 80438 determines that the client device 8010 that is the transmission source of the user's unique information is operated by a legitimate user. On the other hand, if the two correspondences do not match, the authentication module 80438 determines that authentication is not possible. That is, the authentication module 80438 determines that the client device 8010 that is the transmission source of the user's unique information is operated by an unauthorized user.

The authentication result transmission module 80439 transmits the authentication result determined by the authentication module 80438 to the client device 8010. Note that when the authentication module 80438 determines that authentication is possible, the authentication result transmission module 80439 may transmit an authentication result accompanied with user-specific information corresponding to the user ID 804421 of the user management table 80442.

Next, processing of the personal authentication method of the first embodiment will be described with reference to the drawings. FIG. 9 is a sequence diagram of processing of the personal authentication method according to the first embodiment.

Client apparatus 8010 transmits a user ID to dial authentication apparatus 804 via network 9 in response to a user operation (ST80211).

Then, user ID reception module 804321 receives the user ID from client apparatus 8010 (ST80212). Next, the user ID reception module 804321 delivers the received user ID to the user information search module 80433.

When the user information search module 80433 accepts the user ID, the user information search module 80433 selects from the user management table 80442 a record in which the accepted user ID matches the user ID 804421 of the user management table 80442. Next, user information search module 80433 extracts user telephone number 804422 from the selected record (ST80213). Then, the user information retrieval module 80433 delivers the extracted user telephone number 804422 to the confirmation telephone number selection module 80434.

The confirmation telephone number selection module 80434 accepts the user telephone number 804422 from the user information retrieval module 80433. Next, confirmation telephone number selection module 80434 extracts one confirmation telephone number 804431 from confirmation telephone number table 80443 (ST80214). Next, the confirmation telephone number selection module 80434 generates a new record in the confirmation telephone number correspondence table 80441. Next, the confirmation telephone number selection module 80434 stores the extracted confirmation telephone number 804431 in the confirmation telephone number 804441 of the created new record. Next, the confirmation telephone number selection module 80434 stores the user telephone number 804422 accepted from the user information search module 80433 in the user telephone number 804413 of the new record created (ST80215). Next, the confirmation telephone number selection module 80434 delivers the extracted confirmation telephone number 804431 to the confirmation telephone number transmission module 80435.

Confirmation telephone number transmission module 80435 accepts confirmation telephone number 804431 from confirmation telephone number selection module 80434. Next, the confirmation telephone number transmission module 80435 notifies the cellular phone 8060 of the accepted confirmation telephone number 804431 (ST80216).

The cellular phone 8060 sends a dial including the caller's phone number to the notified confirmation phone number 804431 via the public switched telephone line network 2 in response to the user's operation (ST80218).

Then, dial incoming module 80436 accepts an incoming dial call from mobile phone 8060 (ST80219).

The telephone number reading module 80437 acquires the caller telephone number and the incoming telephone number from the dial received by the dial incoming module 80436. Next, the telephone number reading module 80437 generates a new record in the incoming telephone number correspondence table 80444. Next, the telephone number reading module 80437 stores the acquired incoming telephone number in the incoming telephone number 804442 of the created new record. Next, the telephone number reading module 80437 stores the acquired caller telephone number in the caller telephone number 804443 of the created new record. (ST80220).

On the other hand, client apparatus 8010 transmits an authentication result request to dial authentication apparatus 804 via network 9 (ST80221).

Then, authentication result request reception module 804322 receives an authentication result request from client apparatus 8010 (ST80222). Upon receiving the authentication result request, the authentication result request receiving module 804322 requests the authentication module 80438 for authentication.

The authentication module 80438 receives an authentication request. Next, the authentication module 80438 selects a record related to the authentication result request from the confirmation telephone number correspondence table 80441 based on the connection ID included in the authentication result request. Subsequently, the authentication module 80438 extracts the confirmation telephone number 804441 and the user telephone number 804413 from the selected record. Next, the authentication module 80438 matches the extracted confirmation telephone number 804441 with the incoming telephone number 804442 of the incoming telephone number correspondence table 80444, and extracts the extracted user telephone number 804413 and incoming telephone number correspondence table 80444. It is determined whether or not a record matching the caller telephone number 804443 exists in the incoming telephone number correspondence table 80444. If the record exists in the incoming telephone number correspondence table 80444, the authentication module 80438 determines that authentication is possible. On the other hand, if the record does not exist in the incoming telephone number correspondence table 80444, the authentication module 80438 determines that authentication is not possible. Then, authentication module 80438 delivers the authentication result to authentication result transmission module 80439 (ST80223).

The authentication result transmission module 80439 accepts the authentication result from the authentication module 80438. Next, the authentication result transmission module 80439 transmits the accepted authentication result to the client apparatus 8010 via the network 9 (ST80224). Note that the authentication result transmission module 80439 may include user-specific information corresponding to the authenticated user in the authentication result.

Then, client device 8010 receives the authentication result from dial authentication device 804 (ST80225).

As described above, the user of the client device 8010 uses the mobile phone 8060 in order to receive authentication. A user cannot receive personal authentication without both a user ID and a mobile phone 8060. As a result, another person who has acquired only the user ID can impersonate the user of the client device 8010 and cannot be authenticated. That is, even if the user ID is given up, information leakage can be prevented. A plurality of users can be set for one telephone number. Also, the dial authentication device 804 compares the user telephone number associated with the user ID with the caller telephone number, so that even if a user who has been authenticated once dials the same confirmation telephone number by mistake, Other users will not be authenticated by impersonating the user who dialed by mistake. Thus, according to the present embodiment, a safe and convenient personal authentication system can be provided. Furthermore, according to the present embodiment, the confirmation telephone number is directly notified to the mobile phone 8060. Therefore, the cellular phone 8060 can dial the confirmation telephone number with a simple operation by the user. When the confirmation telephone number is notified by dialing, the mobile phone 8060 must be able to accept the dialing from the confirmation telephone number. That is, the validity of the mobile phone 8060 is verified not only from the caller telephone number but also from the reception of the dial. Further, when the confirmation telephone number is notified using an electronic mail, the mobile phone 8060 must be able to receive an electronic mail including the confirmation telephone number. That is, the validity of the mobile phone 8060 is verified not only from the caller telephone number but also from the mail address. Therefore, impersonation by other users becomes even more difficult.

In the above embodiment, the dial authentication device 804 is configured by a single device, but may be configured by a plurality of devices depending on the scale of the service to be provided. In this case, the devices constituting the dial authentication device 804 are connected to each other via an appropriate data transfer path. Further, the dial authentication device 804 may be composed of a plurality of devices for each function. For example, the dial authentication device 804 includes a device that selects a confirmation telephone number and receives a dial, and a device that receives a user ID and an authentication result request and transmits a confirmation telephone number and an authentication result. . Also in this case, the devices constituting the dial authentication device 804 are connected to each other via an appropriate data transfer path. Information such as a confirmation telephone number and a caller telephone number is delivered between devices via a data transfer path.

In the embodiment, the mobile phone 8060 sends a dial with a caller phone number. However, when the client apparatus 8010 is equipped with an IP telephone function, it may make a dial with a caller telephone number. As a result, the user can be authenticated by the telephone number assigned to the client device 8010.

Here, a first modification of the first embodiment of the present invention will be described. The dial authentication device 804 of the first embodiment compares the correspondence between the caller telephone number and the incoming telephone number with the correspondence between the user telephone number and the confirmation telephone number. However, in the first modified example, the dial authentication device 804 may compare the correspondence between the user's unique information and the incoming telephone number and the correspondence between the user's unique information and the confirmation telephone number. In this case, the confirmation telephone number correspondence table 80441 includes information unique to the user instead of the user telephone number 804413. The incoming phone number correspondence table 80444 includes user-specific information instead of the caller phone number 804443. Then, the dial authentication device 804 does not specify the user's telephone number from the user's unique information received from the client device 8010. Therefore, the dial authentication device 804 stores the correspondence between the received unique information of the user and the selected confirmation telephone number in the confirmation telephone number correspondence table 80441. In addition, the dial authentication device 804 refers to the user management table 80442 and identifies user-specific information corresponding to the caller telephone number acquired from the dial. Next, the dial authentication device 804 stores the correspondence between the specific information of the identified user and the incoming telephone number acquired from the dial in the incoming telephone number correspondence table 80444. The dial authentication device 804 then associates the user-specific information stored in the incoming telephone number correspondence table 80444 with the incoming telephone number, and the user-specific information stored in the confirmation telephone number correspondence table 80441. And the correspondence with the confirmation phone number. When the two correspondences compared with each other match, the dial authentication device 804 determines that authentication is possible. On the other hand, if the two correspondences compared do not match, the dial authentication device 804 determines that authentication is not possible. Note that similar modifications are possible in all the embodiments described below.

Here, a second modification of the first embodiment of the present invention will be described. The dial authentication device 804 of the first embodiment compares the correspondence between the caller telephone number and the incoming telephone number with the correspondence between the user telephone number and the confirmation telephone number. However, in the second modified example, the dial authentication device 804 includes the correspondence between the received user's unique information and the caller telephone number acquired from the dial, and the user's unique information stored in the user management table 80442. The correspondence with the user telephone number may be compared. In this case, the confirmation telephone number correspondence table 80441 includes information unique to the user instead of the user telephone number 804413. The incoming phone number correspondence table 80444 includes user-specific information instead of the incoming phone number 804442. Then, the dial authentication device 804 does not specify the user's telephone number from the user's unique information received from the client device 8010. Therefore, the dial authentication device 804 stores the correspondence between the received unique information of the user and the selected confirmation telephone number in the confirmation telephone number correspondence table 80441. Also, the dial authentication device 804 refers to the confirmation telephone number correspondence table 80441, and identifies the unique information of the user corresponding to the incoming telephone number acquired from the dial. Next, the dial authentication device 804 stores the correspondence between the specific information of the identified user and the caller telephone number acquired from the dial in the incoming telephone number correspondence table 80444. The dial authentication device 804 then associates the user's unique information stored in the incoming phone number correspondence table 80444 with the caller's telephone number, the user's unique information stored in the user management table 80442, and the user. Compare the correspondence with the phone number. When the two correspondences compared with each other match, the dial authentication device 804 determines that authentication is possible. On the other hand, if the two correspondences compared do not match, the dial authentication device 804 determines that authentication is not possible. Note that similar modifications are possible in all the embodiments described below.

In the above-described embodiment, the case where the unique information of the user is the user ID has been described. However, the user's unique information may be any information as long as it can identify the user. Specifically, the user's unique information includes at least one of a user ID, a password, a user's biometric information, a cash card number, and a credit card number. For example, the client device 8010 may transmit a combination of a user ID and a password to the dial authentication device 804. Thus, by combining with the conventional authentication process, the safety of the personal authentication system of this embodiment can be improved.

A specific example of authentication according to this embodiment will be described. For example, the client device 8010 requests the login of the WEB page by transmitting the user ID. In this case, the dial authentication device 804 may be a WEB server or an authentication-dedicated device that receives an authentication request from the WEB server. Also, the client device 8010 requests a credit card settlement on the WEB page by transmitting the user ID. In this case, the dial authentication device 804 may be a WEB server that performs credit card payment, or may be a dedicated authentication device that receives an authentication request from the WEB server. Further, the client device 8010 requests the withdrawal of the deposit, the repayment of the borrowing, or the borrowing of the borrowing by transmitting the user ID. In this case, the client device 8010 is an ATM. Further, the dial authentication device 804 is a management server that manages settlement in ATM. In addition, the client device 8010 requests credit card settlement at the store by transmitting the user ID. In this case, the client device 8010 is a reader device that reads credit card information. Furthermore, the dial authentication device 804 is a management server that manages payment of a credit card in the reader device. In addition, the client device 8010 requests debit card settlement by transmitting the user ID. In this case, the client device 8010 is a reader device that reads information of the debit card. Furthermore, the dial authentication device 804 is a management server that manages settlement of debit cards in the reader device. In addition, the client device 8010 requests borrowing by postpayment with the utility bill by transmitting the user ID. In this case, the client device 8010 is an ATM. Further, the dial authentication device 804 is a management server that manages borrowing in the ATM. In addition, the client device 8010 requests payment of the unpaid utility bill by transmitting the user ID. In this case, the client device 8010 is an information terminal installed in a convenience store or the like. Furthermore, the dial authentication device 804 is a management server that manages the information terminal. The client device 8010 requests connection to the in-house intranet by transmitting the user ID. In this case, the dial authentication device 804 is a management server that manages the intranet in the company. Further, the client device 8010 requests connection to the server by a thin client (THIN CLIENT) by transmitting the user ID. In this case, the dial authentication device 804 is a management server that manages the connection between the thin client device and the server. The client device 8010 requests connection to a wireless LAN access point by transmitting the user ID. In this case, the dial authentication device 804 is a management server that manages the connection between the client device 8010 and the access point. Note that the above-described user may be a computer instead of a person. For example, the computer may be authenticated as a user.

(Second Embodiment)
Although the personal authentication system of the second embodiment will be described below, the same reference numerals are used for portions that overlap with the personal authentication system of the first embodiment, and description thereof is omitted.

FIG. 10 is a schematic configuration diagram of a personal authentication system according to the second embodiment. The personal authentication system shown in FIG. 10 includes a client device 8110, a mobile phone 8060, a fixed phone 8080, and a dial authentication WEB device 814. The client device 8110 is a computer operated by a user who is going to be authenticated. The client device 8110 is connected to the network 9. The network 9 is the Internet. Further, the configuration of the client device 8110 is the same as that of the client device 8010 (FIG. 2) provided in the personal authentication system of the first embodiment, and a description thereof will be omitted. The client device 8110 may take any form as long as it includes a transmission / reception unit, a central processing unit, and a main storage device. The cellular phone 8060 and the fixed phone 8080 are telephones that make a dial accompanied by a caller telephone number notification when operated by a user. The caller telephone number does not necessarily have to be a number, and may be a character as employed in the technology of ISDN (Integrated Services Digital Network) or SIP (Session Initiation Protocol). The mobile phone 8060 and the fixed phone 8080 are connected to the public switched telephone network 2. The cellular phone 8060 and the fixed phone 8080 may be IP phones. In this case, the public switched telephone line network 2 is the Internet. The dial authentication WEB device 814 is connected to the client device 8110 via the network 9. The dial authentication WEB device 814 is connected to the mobile phone 8060 and the fixed phone 8080 via the public switched telephone network 2. The dial authentication WEB device 814 has a WEB server function and a dial incoming server function. The configuration of the dial authentication WEB device 814 is the same as that of the dial authentication device 804 (FIG. 3) provided in the personal authentication system of the first embodiment, and thus description thereof is omitted. In order to clarify the explanation, in the personal authentication system of the second embodiment, an authentication process for one client device 8110 will be described. Actually, the dial authentication WEB apparatus 814 performs authentication for a plurality of client apparatuses 8110 via the network 9. In FIG. 10, three client devices 8110 are illustrated, but any number of personal authentication systems may be provided. Further, although four mobile phones 8060 are shown in the figure, any number of personal authentication systems may be provided. Further, although two fixed telephones 8080 are shown in the figure, any number of personal authentication systems may be provided. However, the mobile phone 8060 may function as the client device 8110 as long as it has a WEB browser function. In the description of the present embodiment, a case where the unique information of the user is a user ID will be described.

Since the function of the client device 8110 is the same as that of the client device 8010 provided in the personal authentication system of the first embodiment, description thereof is omitted. The client device 8110 transmits a user ID and an authentication result request to the dial authentication WEB device 814 by HTTP. In addition, the client device 8110 receives the authentication result from the dial authentication WEB device 814 by HTTP.

The client device 8110 has the following functions in addition to the functions of the client device 8010 provided in the personal authentication system of the first embodiment. The client device 8110 transmits a request for a login WEB page to the dial authentication WEB device 814 in response to a user operation. Then, the client device 8110 receives a login WEB page from the dial authentication WEB device 814. The client device 8110 displays the login WEB page received from the dial authentication WEB device 814 on the display device. The login WEB page displayed on the display device of the client device 8110 includes a user ID input field and a user ID transmission button. The user ID transmission button receives an instruction to transmit a user ID from the user. When the user ID button is operated by the user, the client device 8110 transmits the user ID input in the user ID column to the dial authentication WEB device 814. In other words, user-specific information is input to the login WEB page. Then, the client device 8110 inputs the user-specific information input on the login WEB page to the dial authentication WEB device 814. Also, the client device 8110 transmits an authentication result request to the dial authentication WEB device 814 in response to a user operation. Note that the client device 8110 may transmit an authentication result request to the dial authentication WEB device 814 at regular intervals without triggering a user operation.

FIG. 11 is a functional block diagram of the dial authentication web apparatus 814 according to the second embodiment. The auxiliary storage device of the dial authentication WEB device 814 stores the authentication program 81400 of the second embodiment. When the authentication program 81400 of the second embodiment is executed, a main module 80431, a user ID receiving module 804321, an authentication result request receiving module 804322, a user information search module 80433, A confirmation telephone number selection module 80434, a confirmation telephone number transmission module 80435, a dial incoming module 80436, a telephone number reading module 80437, an authentication module 80438, and an authentication result transmission module 81439 are stored.

The authentication result transmission module 81439 has the same function as the authentication result transmission module 80439 provided in the dial authentication device 804 of the first embodiment. The other modules are the same as those provided in the dial authentication device 804 of the personal authentication device according to the first embodiment, and a description thereof will be omitted.

The authentication result transmission module 81439 generates the WEB page including the authentication result of the authentication module 80438 in addition to the same function as the authentication result transmission module 80439. The authentication result transmission module 81439 transmits the generated WEB page to the client device 8110 as an authentication result. When the authentication result can be authenticated, the WEB page generated by the authentication result transmission module 81439 may include user-specific information corresponding to the user ID. For example, the user-specific information includes at least one of a user name, a password, a credit card number, a cash card number, a schedule table, an operation history, a deposit balance, and the like.

Next, the personal authentication method of the second embodiment will be described with reference to the drawings. FIG. 12 is a sequence diagram of processing of the personal authentication method according to the second embodiment. Prior to the processing of this sequence diagram, the client apparatus 8110 receives a login WEB page from the dial authentication WEB apparatus 814. The personal authentication method of the second embodiment (FIG. 12) is compared with the personal authentication method of the first embodiment (FIG. 9). The personal authentication method of the second embodiment includes ST81224 instead of ST80224. The processing of the personal authentication method of the second embodiment is the same as the processing sequence (FIG. 9) of the personal authentication method of the second embodiment, except for ST81224. Therefore, description of steps other than ST81224 will be omitted.

ST81224 will be described. The authentication result transmission module 81439 accepts the authentication result from the authentication module 80438. Next, the authentication result transmission module 81439 generates a WEB page including the accepted authentication result. Next, the authentication result transmission module 81439 transmits the generated WEB page to the client apparatus 8110 via the network 9 (ST81224). Note that the authentication result transmission module 81439 may generate a WEB page including user-specific information corresponding to the user ID, and transmit the generated WEB page.

As described above, the user of the client device 8110 uses the mobile phone 8060 to receive authentication. A user cannot receive personal authentication without both a user ID and a mobile phone 8060. As a result, another person who has acquired only the user ID can impersonate the user of the client device 8110 and cannot be authenticated. That is, even if the user ID is given up, information leakage can be prevented. In addition, a plurality of users can be set for one telephone number. Even if the user mistakenly dials the confirmation telephone number used in the previous authentication, the dial authentication WEB device 814 can prevent impersonation by another user. This is because the dial authentication WEB device 814 compares the telephone number associated with the user ID with the caller telephone number. Thus, this embodiment can provide a safe and convenient personal authentication system. Furthermore, according to the present embodiment, the confirmation telephone number is directly notified to the mobile phone 8060. Therefore, the cellular phone 8060 can dial the confirmation telephone number with a simple operation by the user. When the confirmation telephone number is notified by dialing, the mobile phone 8060 must be able to accept the dialing from the confirmation telephone number. That is, the validity of the mobile phone 8060 is verified not only from the caller telephone number but also from the reception of the dial. Further, when the confirmation telephone number is notified using an electronic mail, the mobile phone 8060 must be able to receive an electronic mail including the confirmation telephone number. That is, the validity of the mobile phone 8060 is verified not only from the caller telephone number but also from the mail address. Therefore, impersonation by other users becomes even more difficult.

Note that the mobile phone 8060 may function as both the mobile phone 8060 and the client device 8110 when the WEB browser function is installed. Further, when the client device 8110 has an IP phone function, it may function as both the mobile phone 8060 and the client device 8110.

(Third embodiment)
In the following, the personal authentication system of the third embodiment will be described. However, the same reference numerals are used for portions that overlap the personal authentication system of the first embodiment or the personal authentication system of the second embodiment. Omitted.

The dial authentication WEB apparatus 814 provided in the personal authentication system of the second embodiment includes an authentication function and a WEB page transmission function including user-specific information. In order to change the conventional WEB server to have the function of the dial authentication WEB device 814, it is essential to change the program of the WEB server. In addition, in order to change a conventional WEB server to have the function of the dial authentication WEB apparatus 814, it is necessary to receive a dial. On the other hand, in the third embodiment, an embodiment in which the personal authentication method of the present invention can be easily introduced to a conventional WEB server will be described. A conventional WEB server provided in the personal authentication system of the third embodiment is referred to as an introduction WEB server 5.

FIG. 13 is a schematic configuration diagram of a personal authentication system according to the third embodiment. The personal authentication system shown in FIG. 13 includes a client device 8110, a mobile phone 8060, a fixed phone 8080, an introduction WEB server 5, and a dial authentication dedicated WEB device 854. The client device 8110 is a computer operated by a user who is going to be authenticated. The client device 8110 is connected to the network 9. The network 9 is the Internet. Further, the configuration of the client device 8110 is the same as that of the client device 8010 (FIG. 2) provided in the personal authentication system of the first embodiment, and a description thereof will be omitted. The client device 8110 may take any form as long as it includes a transmission / reception unit, a central processing unit, and a main storage device. A cellular phone 8060 and a fixed phone 8080 are telephones that make a dial accompanied by a caller telephone number notification in response to a user operation. The caller telephone number does not necessarily have to be a number, and may be a character as employed in the technology of ISDN (Integrated Services Digital Network) or SIP (Session Initiation Protocol). The mobile phone 8060 and the fixed phone 8080 are connected to the public switched telephone network 2. The cellular phone 8060 and the fixed phone 8080 may be IP phones. In this case, the public switched telephone line network 2 is the Internet. The introduction WEB server 5 is connected to the client device 8110 and the mobile phone 8060 via the network 9. The introduction WEB server 5 is a conventional WEB server. For example, the introduction WEB server 5 receives a login from the user of the client device 8110. When the dial authentication dedicated WEB device 854 determines that authentication is possible, the introduction WEB server 5 transmits a WEB page including user-specific information to the client device 8110. For example, the introduction WEB server 5 transmits a member WEB page corresponding to the user ID. The dial authentication dedicated WEB device 854 is connected to the client device 8110 via the network 9. The dial authentication dedicated WEB device 854 is connected to the mobile phone 8060 and the fixed phone 8080 via the public switched telephone line network 2. The dial authentication dedicated WEB device 854 has a WEB server function and a dial incoming server function. Since the configuration of the dial authentication dedicated WEB device 854 is the same as that of the dial authentication device 804 (FIG. 3) provided in the personal authentication system of the first embodiment, the description thereof is omitted. In order to clarify the explanation, in the personal authentication system of the third embodiment, an authentication process for one client device 8110 will be described. In practice, the dial authentication dedicated WEB device 854 authenticates a plurality of client devices 8110 via the network 9. In FIG. 13, three client devices 8110 are illustrated, but any number of personal authentication systems may be provided. Further, although four mobile phones 8060 are shown in the figure, any number of personal authentication systems may be provided. Further, although two fixed telephones 8080 are shown in the figure, any number of personal authentication systems may be provided. However, the mobile phone 8060 also functions as the client device 8110 if it has a WEB browser function.

For the sake of clarity, in the description of the personal authentication system of the third embodiment, it is assumed that the domain “dunyu.jp” is assigned to the introduction WEB server 5. Further, it is assumed that the domain “ninsho.jp” is assigned to the dial authentication dedicated WEB device 854.

The client device 8110 has the following functions in addition to the functions of the client device 8010 provided in the personal authentication system of the first embodiment. The client device 8110 transmits a request for a login WEB page to the introduction WEB server 5 in response to a user operation. The client device 8110 receives a login WEB page from the introduction WEB server 5. The client device 8110 displays the login WEB page received from the introduction WEB server 5 on the display device. The login WEB page (not shown) displayed on the display device of the client device 8110 includes a user ID input field and a user ID transmission button. The user ID transmission button receives an instruction to transmit a user ID from the user. When the user ID transmission button is operated by the user, the client device 8110 transmits the user ID input in the user ID column to the dial authentication dedicated WEB device 854.

In addition, the client device 8110 transmits a request for a member WEB page to the introduction WEB server 5 based on information included in the WEB page indicating the authentication result received from the dial authentication dedicated WEB device 854.

The introduction WEB server 5 receives a request for a login WEB page from the client device 8110. Then, the introduction WEB server 5 transmits a login WEB page to the client device 8110. As described above, the login WEB page includes a user ID input field and a user ID transmission button. The login WEB page includes authentication site information. The authentication site information includes the URL and return URL of the dial authentication dedicated WEB device 854 that is the transmission destination of the user ID. The return URL is a URL for the client apparatus 8110 to send a request for a member WEB page after the authentication by the dial authentication dedicated WEB apparatus 854 is completed. Here, an example of authentication site information is shown. For example, the authentication site information is <FORM METHOD = “POST” ACTION = “http://www.ninsho.jp/index.php?rule=http://www.dunyu.jp/member.php”> user ID : <INPUT TYPE = “text” NAME = “USRID”> <BR> <INPUT TYPE = “submit” VALUE = “transmission”> </ FORM>. The URL after “rurl =” is the return URL. The authentication site information may be other as long as the purpose is achieved.

When authentication is permitted by the dial authentication dedicated WEB device 854, the client device 8110 transmits a request for a member WEB page. The introduction WEB server 5 receives a request for a member WEB page from the client device 8110. Then, the introduction WEB server 5 extracts the user's telephone number from the received request for the member WEB page. The introduction WEB server 5 generates a WEB page including user-specific information corresponding to the extracted user telephone number. The introduction WEB server 5 transmits the generated WEB page to the client device 8110 as a member WEB page.

The function of the dial authentication WEB device 854 is mainly the same as that of the dial authentication WEB device 814 (FIG. 11) provided in the personal authentication system of the second embodiment. The function of the dial authentication dedicated WEB device 854 includes the following function in addition to the function of the dial authentication WEB device 814 provided in the personal authentication system of the second embodiment. The dial authentication dedicated WEB device 854 receives the return URL from the client device 8110 together with the user ID. Further, the dial authentication dedicated WEB device 854 stores the received return URL in association with the selected confirmation telephone number in the confirmation telephone number correspondence table 80441. Therefore, the confirmation telephone number correspondence table 80441 includes a return URL (not shown). The dial authentication dedicated WEB device 854 generates a WEB page including the authentication result, the return URL, and the user's telephone number. The example of the source code contained in the produced | generated WEB page is shown. For example, the source code is “<meta http-equiv =“ Refresh ”content =“ 0; url = http: // www. dounyu. jp / member. php? usrtel = 09014812122 & auth = 1 ″> ”. The URL after “url =” is the return URL. The numeric string after “userel =” is the telephone number of the user. The value after “auth =” is the authentication result. For example, “1” can be authenticated, and “0” cannot be authenticated. However, “auth =” is not necessarily included. For example, the source code is “<A HREF =“ http: // www. dounyu. jp / member. php? usrtel = 09014812122 & auth = 1 "> Membership page is here </A>". The URL after “HREF =” is the return URL. The numeric string after “userel =” is the telephone number of the user. The value after “auth =” is the authentication result. For example, “1” can be authenticated, and “0” cannot be authenticated. However, “auth =” is not necessarily included. The source code included in the WEB page may be other as long as the purpose is achieved.

Next, a personal authentication method according to the third embodiment will be described with reference to FIG. FIG. 14 is a sequence diagram of processing of the personal authentication method according to the third embodiment. The personal authentication method of the third embodiment (FIG. 14) is compared with the personal authentication method of the second embodiment (FIG. 12). The personal authentication method of the third embodiment includes ST85212 instead of ST80212. Also, the personal authentication method of the third embodiment includes ST85215 instead of ST80215. Also, the personal authentication method of the third embodiment includes ST85224 instead of ST81224. Further, the personal authentication method of the third embodiment includes ST85209, ST85210, ST85226, ST85227, and ST85228. Processing of the personal authentication method of the third embodiment is the same as that of the personal authentication method (FIG. 12) of the second embodiment, except for ST85212, ST85215, and ST85224. Therefore, description of steps other than ST85209, ST85210, ST85212, ST85215, ST85224, ST85226, ST85227, and ST85228 is omitted.

ST85209 will be described. Client apparatus 8110 transmits a request for a login WEB page to introduction WEB server 5 via network 9 (ST85209).

ST85210 will be described. The introduction WEB server 5 receives a request for a login WEB page from the client device 8110. Then, the introduction WEB server 5 transmits a login WEB page including the authentication site information to the client device 8110 via the network 9 (ST85210).

ST85212 will be described. A user ID receiving module 804321 provided in the dial authentication dedicated WEB device 854 receives the user ID and the return URL from the client device 8110. Next, user ID reception module 804321 delivers the received user ID to the user information search module (ST85212).

ST85215 will be described. The confirmation telephone number selection module 80434 generates a new record in the confirmation telephone number correspondence table 80441. Next, the confirmation telephone number selection module 80434 stores the selected confirmation telephone number in the confirmation telephone number 804441 of the created new record. Next, the confirmation telephone number selection module 80434 stores the user telephone number received from the user information retrieval module 80433 in the user telephone number 804413 of the new record created. Next, the confirmation telephone number selection module 80434 stores the return destination URL received by the user ID receiving module 804321 in the return destination URL of the created new record (ST85215).

ST85224 will be described. The authentication result transmission module 81439 accepts the authentication result from the authentication module 80438. Next, the authentication result transmission module 81439 selects, from the confirmation telephone number correspondence table 80441, a record in which the confirmation telephone number used for authentication matches the confirmation telephone number 804441 in the confirmation telephone number correspondence table 80441. . Next, the authentication result transmission module 81439 extracts the user telephone number 804413 and the return URL from the selected record. The authentication result transmission module generates a WEB page including the extracted return URL, the extracted user telephone number 804413, and the accepted authentication result. Next, authentication result transmission module 81439 transmits the generated WEB page as an authentication result to client apparatus 8110 via network 9 (ST85224).

ST85226 will be described. The client device 8110 receives the WEB page transmitted as the authentication result from the dial authentication dedicated WEB device 854. Next, based on the received WEB page, client apparatus 8110 transmits a member WEB page request to introduction WEB server 5 via network 9 (ST85226). The request for the member's WEB page includes the user's telephone number. For example, a request for a member's WEB page is a URL “http://www.dunyu.jp/member.php?usrtel=09014812122&auth=1”. The numeric string after “userel =” is the telephone number of the user.

ST85227 will be described. The introduction WEB server 5 receives a request for a member WEB page from the client device 8110. Next, the introduction WEB server 5 extracts the user's telephone number from the received request for the member WEB page. Next, the introduction WEB server 5 identifies the user based on the extracted telephone number of the user. Next, the introduction WEB server 5 generates a member WEB page corresponding to the identified user. Next, the dial authentication dedicated WEB device 854 transmits the generated member WEB page to the client device 8110 via the network 9 (ST85227).

ST85228 will be described. The client device 8110 receives a member WEB page from the introduction WEB server 5 via the network 9. Next, client apparatus 8110 displays the received member WEB page on the display apparatus (ST85228).

An outline of processing of the personal authentication method of the third embodiment will be described. The client apparatus 8110 requests the introduction WEB server 5 for a login WEB page in response to a user operation (ST85209). The introduction WEB server 5 transmits the requested login WEB page to the client device 8110 (ST85210). Based on the authentication site information included in the login WEB page, client apparatus 8110 transmits the user ID and return URL to dial authentication dedicated WEB apparatus 854 (ST80211). Dial authentication dedicated WEB device 854 receives the user ID and the return URL (ST85212). Next, dial authentication dedicated WEB apparatus 854 searches for a user telephone number based on the user ID (ST80213). Next, dial authentication dedicated WEB apparatus 854 selects a confirmation telephone number (ST80214). Next, dial authentication dedicated WEB apparatus 854 associates the searched user telephone number, the selected confirmation telephone number, and the received return URL with each other and stores them in confirmation telephone number correspondence table 80441 (ST85215). Next, dial authentication dedicated WEB apparatus 854 notifies mobile phone 8060 of the selected confirmation telephone number (ST80216). Next, cellular phone 8060 transmits a dial including a caller telephone number notification to the notified confirmation telephone number in response to a user operation (ST80218). Dial authentication dedicated WEB apparatus 854 accepts an incoming dial call from mobile phone 8060 (ST80219). Next, the dial authentication dedicated WEB device 854 acquires the caller telephone number and the incoming telephone number from the received dial. Next, dial authentication dedicated WEB apparatus 854 associates the acquired caller telephone number with the acquired incoming telephone number, and stores them in incoming telephone number correspondence table 80444 (ST80220). Meanwhile, client apparatus 8110 transmits an authentication result request to dial authentication dedicated WEB apparatus 854 (ST80221). Dial authentication dedicated WEB apparatus 854 receives an authentication result request from client apparatus 8110 (ST80222). The dial authentication dedicated WEB device 854 selects a record related to the authentication result request from the confirmation telephone number correspondence table 80441 based on the connection ID included in the authentication result request. Subsequently, the dial authentication dedicated WEB device 854 extracts the confirmation telephone number 804441 and the user telephone number 804413 from the selected record. Next, the dial authentication-dedicated WEB device 854 matches the extracted confirmation telephone number 804441 with the incoming telephone number 804442 in the incoming telephone number correspondence table 80444 and extracts the extracted user telephone number 804413 and incoming telephone number correspondence table 80444. It is determined whether or not a record matching the caller telephone number 804443 exists in the incoming telephone number correspondence table 80444. If the record exists in the incoming telephone number correspondence table 80444, the dial authentication dedicated WEB device 854 determines that authentication is possible. On the other hand, when the record does not exist in the incoming telephone number correspondence table 80444, the dial authentication dedicated WEB device 854 determines that the authentication is impossible (ST80223). Next, the dial authentication dedicated WEB device 854 transmits a WEB page including the return URL, the user's telephone number, and the authentication result to the client device 8110 (ST85224). Client apparatus 8110 receives the WEB page (ST80225). Next, based on the return URL included in the received WEB page, client apparatus 8110 transmits a request for a member WEB page to introduction WEB server 5 (ST85226). The introduction WEB server 5 receives a request for a member WEB page from the client device 8110. Next, the introduction WEB server 5 extracts the user's telephone number from the received request for the member WEB page. Next, the introduction WEB server 5 transmits a member WEB page corresponding to the extracted user telephone number to the client device 8110 (ST85227). The member WEB page includes user-specific information corresponding to the extracted user phone number. The client device 8110 receives a member WEB page from the introduction WEB server 5. Next, client apparatus 8110 displays the received member WEB page on the display apparatus (ST85228).

As described above, the introduction WEB server 5 which is a conventional WEB server does not need to have a function of receiving a dial. The introduction WEB server 5 can introduce the personal authentication method of the present invention only by including the authentication site information in the login WEB page transmitted to the client device 8110.

In the embodiment described above, the dial authentication dedicated WEB device 854 stores the user management table 80442. However, the dial authentication dedicated WEB device 854 does not necessarily need to store the user management table 80442. Instead, the introduction WEB server 5 stores the user management table 80442. Further, the dial authentication dedicated WEB device 854 stores the correspondence between the unique information of the user and the mail address of the mobile phone owned by the user. In this case, in step ST80213, the dial authentication dedicated WEB apparatus 854 does not search for the user's telephone number based on the received user ID. Then, the dial authentication dedicated WEB 854 stores the correspondence between the received user ID and the selected confirmation telephone number in the confirmation telephone number correspondence table 80441. Next, the dial authentication dedicated WEB device 854 searches for the mail address of the mobile phone corresponding to the received user ID. Next, the dial authentication dedicated WEB device 854 transmits an e-mail including the selected confirmation telephone number to the searched e-mail address. As a result, the dial authentication dedicated WEB 854 notifies the mobile phone 8060 of the confirmation telephone number. Also, in step ST80223, the dial authentication dedicated WEB apparatus 854 selects from the confirmation telephone number correspondence table 80441 a record in which the acquired incoming telephone number matches the confirmation telephone number 804412 in the confirmation telephone number correspondence table 80441. . Next, the dial authentication dedicated WEB device 854 extracts the user ID from the selected record. Next, the dial authentication dedicated WEB device 854 transmits the extracted user ID and the acquired caller telephone number to the client device 8110. Next, the client apparatus 8110 transmits a request for a member WEB page including the received user ID and caller telephone number. Then, the introduction WEB server 5 extracts the user ID and the caller telephone number from the request for the member WEB page received from the client device 8110. Next, the introduction WEB server 5 has a record in which the extracted user ID matches the user ID 804421 of the user management table 80442, and the extracted caller telephone number matches the user phone number 804422 of the user management table 80442. It is determined whether or not the user management table 80442 exists. If the record exists in the user management table 80442, the introduction WEB server 5 determines that authentication is possible. On the other hand, if the record does not exist in the user management table 80442, the introduction WEB server 5 determines that authentication is not possible.

In the above-described embodiment, the introduction WEB server 5 transmits the member WEB page by trusting the telephone number included in the request for the member WEB page received from the client device 8110. However, the telephone number included in the request for the member's WEB page may be forged. Therefore, the introduction WEB server 5 may confirm that the link source is the dial authentication dedicated WEB device 854 by referring to the referer.

(Fourth embodiment)
Although the personal authentication system of the fourth embodiment will be described below, the same reference numerals are used for portions that overlap with the personal authentication system of the third embodiment, and description thereof is omitted.

In electronic commerce on the Internet, a credit card is often used as a settlement means. In the fourth embodiment, an example in which the personal authentication system of the third embodiment is applied to credit card settlement on the Internet will be described. In the fourth embodiment, the credit card number plays the same role as the user ID in the third embodiment.

Since the schematic configuration diagram of the personal authentication system of the fourth embodiment is the same as the schematic configuration diagram (FIG. 13) of the personal authentication system of the third embodiment, detailed description thereof is omitted. The client device 8110 is operated by a user who intends to execute credit card payment. The mobile phone 8060 is operated by a user who intends to execute credit card payment. The introduction WEB server 5 is a WEB server that provides electronic commerce such as article sales or service sales. The dial authentication dedicated WEB device 854 is a WEB device that processes credit card credit examination and billing. The user management table 80442 of the dial authentication dedicated WEB device 854 includes a credit card number (not shown). The credit card number included in the user management table 80442 is a credit card number owned by the user. The user management table 80442 stores the correspondence between the credit card number and the telephone number of the user who owns the credit card. Further, the confirmation telephone number correspondence table 80441 of the dial authentication dedicated WEB device 854 includes a settlement amount (not shown). The settlement amount included in the confirmation telephone number correspondence table 80441 is an amount to be settled with a credit card.

The outline of the process of the personal authentication method of the fourth embodiment will be described. The introduction WEB server 5 determines the payment amount with the user's operation. The settlement amount determination method may be a method adopted in a conventional electronic commerce site. The client device 8110 transmits a request for a settlement WEB page to the introduction WEB server 5 instead of a request for a login WEB page in response to a user operation. The introduction WEB server 5 receives a request for a payment WEB page. Then, the introduction WEB server 5 generates the requested payment WEB page. Next, the introduction WEB server 5 transmits the generated payment WEB page to the client device 8110. The payment WEB page (not shown) generated by the introduction WEB server 5 includes authentication site information. The authentication site information includes a return URL and a payment amount. The client device 8110 receives the payment WEB page. The WEB page for payment includes a credit card number input field, a credit card number transmission button, and a payment amount. Further, the payment WEB page includes authentication site information. The credit card number transmission button accepts an instruction to transmit a credit card number from the user. When the credit card number transmission button is operated by the user, the client device 8110 transmits the credit card number input in the credit card number input field to the dial authentication dedicated WEB device 854. At this time, the client device 8110 transmits the return URL and the payment amount to the dial authentication dedicated WEB device 854 together with the credit card number. The dial authentication dedicated WEB device 854 receives the credit card number, the return URL, and the settlement amount. Next, the dial authentication dedicated WEB device 854 searches the user management table 80442 for a user telephone number based on the received credit card number. Next, the dial authentication dedicated WEB device 854 selects a confirmation telephone number. Next, the dial authentication dedicated WEB device 854 stores the retrieved user telephone number, the selected confirmation telephone number, the received return URL, and the received payment amount in the confirmation telephone number correspondence table 80441 in association with each other. Next, the dial authentication dedicated WEB device 854 notifies the mobile phone 8060 of the selected confirmation telephone number. Next, the cellular phone 8060 sends a dial including a caller phone number notification to the notified confirmation phone number in response to a user operation. As a result, the mobile phone 8060 transmits a dial accompanied by a caller telephone number notification to the dial authentication dedicated WEB device 854. Dial authentication dedicated WEB device 854 accepts an incoming dial call from mobile phone 8060. Next, the dial authentication dedicated WEB device 854 acquires the caller telephone number and the incoming telephone number from the received dial. Next, the dial authentication dedicated WEB device 854 stores the acquired incoming telephone number and the acquired caller telephone number in association with each other in the incoming telephone number correspondence table 80444. On the other hand, the client device 8110 transmits an authentication result request to the dial authentication dedicated WEB device 854. The dial authentication dedicated WEB device 854 receives an authentication result request from the client device 8110. Next, the dial authentication dedicated WEB device 854 selects a record corresponding to the connection ID from the confirmation telephone number correspondence table 80441. Next, the dial authentication dedicated WEB device 854 extracts the confirmation telephone number 804212 and the user telephone number 804413 from the selected record. Next, the dial authentication-dedicated WEB device 854 matches the extracted confirmation telephone number 804441 with the incoming telephone number 804442 in the incoming telephone number correspondence table 80444 and extracts the extracted user telephone number 804413 and incoming telephone number correspondence table 80444. It is determined whether or not a record matching the caller telephone number 804443 exists in the incoming telephone number correspondence table 80444. If the record does not exist in the incoming telephone number correspondence table 80444, the dial authentication dedicated WEB device 854 determines that the authentication is impossible. On the other hand, when the record exists in the incoming telephone number correspondence table 80444, the dial authentication dedicated WEB apparatus 854 performs credit examination for the credit card corresponding to the extracted user telephone number 804413. In the credit examination, the dial authentication dedicated WEB device 854 determines whether or not the payment amount stored in the confirmation telephone number correspondence table 80441 can be settled with the credit card. The credit screening is the same as the conventional credit screening when using a credit card. By the way, since the dial authentication dedicated WEB device 854 includes the credit card number in the user management table 80441, the credit card corresponding to the user telephone number can be easily specified. The dial authentication dedicated WEB device 854 charges the payment amount to the credit card when the credit examination is good. Note that the dial authentication dedicated WEB device 854 may request the credit examination processing and the billing processing from a device dedicated to the credit examination processing and the billing processing. When the dial authentication dedicated WEB device 854 completes the accounting process, the authentication result is determined to be authentic. The dial authentication dedicated WEB device 854 transmits a WEB page including the user telephone number, the authentication result, and the return URL to the client device 8110. Based on the authentication result and the return URL included in the received WEB page, the client device 8110 transmits a request for a settlement-finished WEB page including the user's telephone number to the introduction WEB server 5. The introductory WEB server 5 receives a request for a web page for which payment has been completed from the client device 8110. Next, the introduction WEB server 5 extracts the telephone number of the user from the received WEB page request for payment completion. Next, the introduction WEB server 5 transmits to the client device 8110 a payment-finished WEB page corresponding to the extracted user telephone number. The payment-finished WEB page includes user-specific information corresponding to the extracted user phone number.

As described above, the personal authentication system of the third embodiment can be applied to a credit card settlement. In the fourth embodiment, the credit card settlement has been described. However, the settlement means may be any means as long as it is a means for settlement through authentication. For example, the payment means includes “Edy” (trademark), “Jay debit” (trademark), “mobile phone payment service” (trademark), and the like. “Edy” (trademark) is electronic money that can be used in stores or on the Internet. “J Debit” (trademark) is a settlement service for deposit account withdrawal that can be used in stores or on the Internet. “Mobile Phone Payment Service” (trademark) is a postpaid payment service available on the Internet, where the payment amount is added to the charge for the mobile phone fee.

By the way, the WEB page for settlement generated by the introduction WEB server includes a credit card number input field. The payment WEB page generated by the introduction WEB server may include a credit card expiration date input field, a contractor name input field, and a password input field in addition to the credit card number input field. The client device 8110 transmits not only the credit card number but also the credit card expiration date, the contractor name, and the personal identification number to the dial authentication dedicated WEB device 854. The dial authentication dedicated WEB device 854 repeatedly performs conventional authentication based on the credit card number, the credit card expiration date, the contractor name, and the password. By combining with the conventional authentication process, the safety of the personal system of the present embodiment is enhanced. Note that the unique information of the user in the present embodiment includes a credit card expiration date, a contractor's name or a password.

(Fifth embodiment)
In the following, the personal authentication system of the fifth embodiment will be described. However, the same reference numerals are used for portions that overlap with the personal authentication system of the first embodiment, and the description thereof is omitted.

A specific embodiment in which the personal authentication system of the first embodiment is used for ATM user authentication as a personal authentication system of the fifth embodiment will be described. Conventionally, ATMs collate passwords to prevent the use of impersonation. However, the operation of impersonation by voyeuring of a personal identification number has become a social problem. In the personal authentication system according to the fifth embodiment, an example will be described in which a caller telephone number is used instead of collation of a personal identification number. In the fifth embodiment, the account number of the financial institution plays the same role as the user ID in the first embodiment. That is, in the fifth embodiment, the unique information of the user is the unique information of the cash card including the account number and the like.

FIG. 15 is a schematic configuration diagram of a personal authentication system according to the fifth embodiment. The personal authentication system shown in FIG. 15 includes a plurality of ATM (AUTOMATIC TELLER MACHINE) 8210, a plurality of mobile phones 8060, and an ATM dial authentication device 824. The ATM 8210 is operated by a user who is authenticated and intends to withdraw or withdraw cash. The ATM 8210 is connected to the network 9. Details of the ATM 8210 will be described with reference to FIG. The cellular phone 8060 is a telephone that transmits a dial accompanied by a caller telephone number notification when operated by a user. The cellular phone 8060 may be an IP phone. In this case, the public switched telephone line network 2 is the Internet. The ATM dial authentication device 824 is connected to the ATM 8210 via the network 9. In the fifth embodiment, the network 9 is an internal network. The network 9 may include a relay device that aggregates ATM dial authentication devices installed in a plurality of financial institutions. The ATM dial authentication device 824 is connected to a mobile phone 8060 via the public switched telephone network 2. The configuration of the ATM dial authentication device 824 is the same as that of the dial authentication device 804 (FIG. 3) provided in the personal authentication system of the first embodiment, and a description thereof will be omitted. In FIG. 15, three ATM 8210s are illustrated, but any number of personal authentication systems may be provided. Further, although three mobile phones 8060 are illustrated, any number of personal authentication systems may be provided.

FIG. 16 is a block diagram of the configuration of the ATM 8210 provided in the personal authentication system of the fifth embodiment. The ATM 8210 physically includes a transmission / reception unit 8211, a central processing unit 8212, a main storage device 8213, an auxiliary storage device 8214, an input device (not shown), a display device (not shown), a cash handling unit 8215, and a card information reading unit. 8216 and the like. The transmission / reception unit 8211 is connected to the network 9 and is an interface for transmitting / receiving data to / from external devices (ATM dial authentication device 824 and mobile phone 8060). The central processing unit 8212 is, for example, a CPU. The central processing unit 8212 performs various processes by executing programs stored in the main storage device 8213. The main storage device 8213 is, for example, a memory. The main storage device 8213 stores a program executed by the central processing unit 8212, information required by the central processing unit 8212, and the like. The auxiliary storage device 8214 is, for example, a hard disk. The auxiliary storage device 8214 stores various information. The input device is, for example, a keyboard or a touch panel. Various information is input to the input device from the user. The display device is a display. On the display device, information instructed to be displayed by the central processing unit 8212 is displayed. The cash handling unit 8215 physically manages banknotes and money. Further, the cash handling unit 8215 deposits and withdraws banknotes and money. The cash handling unit 8215 may be provided in an ATM of a general financial institution. The card information reading unit 8216 is a device that reads information stored in a cash card. The card information reading unit 8216 provided in a general ATM is sufficient. Note that the ATM 8210 is not necessarily provided with the auxiliary storage device 8214.

The functions of the ATM 8210 provided in the personal authentication system of the fifth embodiment are mainly the same as those of the client device 8010 provided in the personal authentication system of the first embodiment. The ATM 8210 provided in the personal authentication system of the fifth embodiment has the following functions in addition to the functions of the client device 8010 provided in the personal authentication system of the first embodiment. The ATM 8210 reads information specific to the cash card from the cash card in response to a user operation. The ATM 8210 transmits cash card specific information to the ATM dial authentication device 824. The information unique to the cash card includes, for example, at least one of a bank number, a branch number, an account number, and an account type. In the description of this embodiment, the unique information of the cash card is an account number.

The function of the ATM dial authentication device 824 provided in the personal authentication system of the fifth embodiment is mainly the same as that of the dial authentication device 804 provided in the personal authentication system of the first embodiment. The ATM dial authentication device 824 provided in the personal authentication system of the fifth embodiment has the following functions in addition to the same functions as the dial authentication device 804 provided in the personal authentication system of the first embodiment. The ATM dial authentication device 824 of the fifth embodiment manages user accounts. The user management table 80442 of the ATM dial authentication device 824 includes an account number (not shown). The account number included in the user management table 80442 is the account number of the financial institution owned by the user. In the user management table 80442, an account number and a user telephone number 804422 are stored in advance in association with each other. In addition, the user management table 80442 stores financial institution account information corresponding to the user ID. The account information of the financial institution includes a deposit balance, a borrowing balance, a borrowable balance, and the like. However, the user-specific information is not necessarily managed by the user management table 80442, and may be managed by a plurality of tables corresponding to the user ID. The management method of the user's unique information is left to the implementer of the present invention according to the type of service and the scale of the user. Part of the user's unique information corresponding to the user ID is included in the authentication result transmitted from the ATM dial authentication device 824 to the ATM 8210.

Next, an outline of processing of the personal authentication method of the fifth embodiment will be described. The sequence diagram of the personal authentication method of the fifth embodiment is mainly the same as FIG. 9 which is the sequence diagram of the personal authentication method of the first embodiment. The card information reading unit 8216 of the ATM 8210 reads the account number by the user's card operation. Next, ATM 8210 transmits the read account number to ATM dial authentication apparatus 824 (ST80211). ATM dial authentication apparatus 824 receives the account number (ST80212). Next, the ATM dial authentication device 824 selects from the user management table 80442 a record in which the received account number matches the account number of the user management table 80442. Next, ATM dial authentication apparatus 824 extracts user telephone number 804422 from the selected record (ST80213). Next, ATM dial authentication apparatus 824 selects a confirmation telephone number (ST80214). Next, ATM dial authentication apparatus 824 associates the extracted user telephone number 804422 with the selected confirmation telephone number, and stores them in confirmation telephone number correspondence table 80441 (ST80215). Next, ATM dial authentication apparatus 824 notifies mobile phone 8060 of the selected confirmation telephone number (ST80216). Next, cellular phone 8060 transmits a dial with caller phone number notification to the notified confirmation phone number in response to a user operation (ST80218). ATM dial authentication apparatus 824 accepts an incoming dial call from mobile phone 8060 (ST80219). Next, the ATM dial authentication device 824 acquires the caller telephone number and the incoming telephone number from the received dial. Next, ATM dial authentication apparatus 824 associates the acquired incoming telephone number with the acquired caller telephone number, and stores them in incoming telephone number correspondence table 80444 (ST80220). On the other hand, ATM 8210 transmits an authentication result request to ATM dial authentication apparatus 824 (ST80221). ATM dial authentication apparatus 824 receives an authentication result request from ATM 8210 (ST80222). Based on the connection ID included in the authentication result request, the ATM dial authentication apparatus 824 selects a record related to the authentication result request from the confirmation telephone number correspondence table 80441. Subsequently, the ATM dial authentication device 824 extracts the confirmation telephone number 804441 and the user telephone number 804413 from the selected record. Next, the ATM dial authenticating device 824 matches the extracted confirmation telephone number 804441 with the incoming telephone number 804442 in the incoming telephone number correspondence table 80444, and sends out the extracted user telephone number 804413 and incoming telephone number correspondence table 80444. It is determined whether or not a record that matches the subscriber telephone number 804443 exists in the incoming telephone number correspondence table 80444. If the record exists in the incoming telephone number correspondence table 80444, the ATM dial authentication device 824 determines that authentication is possible. On the other hand, when the record does not exist in the incoming telephone number correspondence table 80444, the ATM dial authentication apparatus 824 determines that authentication is not possible (ST80223). ATM dial authentication apparatus 824 transmits the authentication result to ATM 8210 (ST80224). ATM 8210 receives the authentication result (ST80225). Next, the ATM 8210 displays the authentication result on the display device. The user of the ATM 8210 performs a subsequent operation based on the information displayed on the display device of the ATM 8210. Subsequent operations are, for example, withdrawal of deposits, repayment of borrowings or borrowing of borrowings.

By the way, a general ATM can accept various operations such as withdrawal of deposits, repayment of borrowings and borrowing of borrowings. Therefore, prior to ST80211, ATM8210 accepts the type of operation from the user. The ATM 8210 transmits the received operation type to the ATM dial authentication device 824 together with the account number. The ATM dial authentication device 824 receives the type of operation from the ATM 8210. Then, the ATM dial authentication device 824 determines user-specific information to be included in the authentication result based on the type of operation received.

The following procedure may also be used. A general ATM can accept various operations such as withdrawal of deposits, repayment of borrowings and borrowing of borrowings. Here, the ATM dial authentication device 824 stores operations that can be accepted from the user of the ATM 8210 in advance corresponding to the user ID. In this case, the ATM 8210 does not accept the type of operation from the user before sending the authentication request. The ATM dial authentication device 824 sends an acceptable operation corresponding to the authenticated user ID to the ATM 8210, including the authentication result. The ATM 8210 displays the authentication result received from the ATM dial authentication device 824 and acceptable operations on the display device. The user of the ATM 8210 selects an operation from the types of operations displayed on the display device of the ATM 8210. Then, the ATM 8210 executes the selected type of operation.

The personal authentication method of the fifth embodiment may be combined with a conventional personal authentication method using a cash card and a personal identification number. As a result, even if the cash card and the password are stolen, the deposit is not withdrawn by the impersonating user unless dialing from the mobile phone 8060 owned by the user.

Here, an application example of the fifth embodiment of the present invention will be described. An ATM dial authentication device 824 provided in the personal authentication system of the fifth embodiment also serves as a device for calculating a utility bill. The ATM dial authentication device 824 calculates utility bills, issues bills, and manages the payment status. For example, public charges are telephone charges, mobile phone charges, electricity charges, gas charges, and water charges. The ATM dial authentication device 824 stores the telephone number of the mobile phone 8060 and the identifier of the user who receives the utility bill service in association with each other. When the ATM dial authentication device 824 lends a loan to the user of the ATM 8210, the ATM dial authentication apparatus 824 charges the loan together with the bill for the utility bill. In addition, the ATM dial authentication device 824 accepts payment of a utility bill from a user of the ATM 8210. When the ATM dial authentication device 824 authenticates the user of the ATM 8210, the ATM dial authentication device 824 accepts from the ATM 8210 payment of the unpaid utility charges of the user of the mobile phone 8060.

(Sixth embodiment)
The personal authentication system of the sixth embodiment will be described below, but the same reference numerals are used for the same portions as those of the personal authentication system of the first embodiment and the personal authentication system of the fifth embodiment. Omitted.

As a personal authentication system of the sixth embodiment, a specific embodiment in which the personal authentication system of the first embodiment is used for credit card payment at a store will be described. Conventionally, in store credit card settlement, in order to prevent the use of impersonation, a store salesperson visually compares the signature of the usage slip with the signature on the back of the credit card. However, visual verification is not sufficient as an anti-spoofing measure. In the personal authentication system of the sixth embodiment, an example in which a telephone caller telephone number is used instead of signature verification will be described. In the sixth embodiment, the credit card number plays the same role as the user ID in the first embodiment. That is, in the sixth embodiment, the unique information of the user is the credit card number.

FIG. 17 is a schematic configuration diagram of a personal authentication system according to the sixth embodiment. The personal authentication system shown in FIG. 17 includes a plurality of reader devices 8310, a plurality of mobile phones 8060, and a dial authentication device 804. The reader device 8310 is connected to the network 9. Details of the reader device 8310 will be described with reference to FIG. In the store, the store salesperson usually operates the reader device 8310. However, the user who is authenticated in the personal authentication system of the sixth embodiment is a credit card holder. Therefore, in order to simplify the description, in the description of this embodiment, the user of the reader device 8310 is assumed to be a credit card holder. The cellular phone 8060 is a telephone that transmits a dial accompanied by a caller telephone number notification when operated by a user. The cellular phone 8060 may be an IP phone. In this case, the public switched telephone line network 2 is the Internet. The dial authentication device 804 is connected to the reader device 8310 via the network 9. The dial authentication device 804 is connected to a mobile phone 8060 via the public switched telephone network 2. For the sake of clarity, in the personal authentication system of the sixth embodiment, processing of one reader device 8310 and one mobile phone 8060 will be described. In practice, the dial authentication device 804 authenticates a plurality of reader devices 8310 via the network 9. That is, the dial authentication device 804 can receive a credit card number transmission and an authentication result request from a plurality of reader devices 8310. In practice, the dial authentication device 804 is connected to a plurality of mobile phones 8060 via the Internet 1. In FIG. 17, three reader devices 8310 are shown, but any number of personal authentication systems may be provided. In FIG. 17, three mobile phones 8060 are illustrated, but any number of mobile phones 8060 may be provided in the personal authentication system.

FIG. 18 is a block diagram of a configuration of a reader device 8310 provided in the personal authentication system of the thirteenth embodiment. The reader device 8310 physically includes a transmission / reception unit 8311, a central processing unit 8312, a main storage device 8313, an auxiliary storage device 8314, an input device (not shown), a display device (not shown), a card information reading unit 8316, and the like. It is a device equipped. The transmission / reception unit 8311 is an interface that is connected to the network 9 and transmits / receives data to / from an external device (dial authentication device 804). The central processing unit 8312 is, for example, a CPU. The central processing unit 8312 performs various processes by executing programs stored in the main storage device 8313. The main storage device 8313 is, for example, a memory. The main storage device 8313 stores a program executed by the central processing unit 8312, information required by the central processing unit 8312, and the like. The auxiliary storage device 8314 is, for example, a hard disk. The auxiliary storage device 8314 stores various types of information. The input device is, for example, a keyboard or a touch panel. Various information is input to the input device from the user. The display device is a display. On the display device, information instructed to be displayed by the central processing unit 8312 is displayed. The card information reading unit 8316 is a device that reads information stored in a credit card. The card information reading unit 8316 provided in a general card reader of a credit card is sufficient. Note that the reader device 8310 does not necessarily include the auxiliary storage device 8314.

The function of the reader device 8310 provided in the personal authentication system of the sixth embodiment is mainly the same as that of the client device 8010 provided in the personal authentication system of the first embodiment. A reader device 8310 provided in the personal authentication system of the sixth embodiment has the following functions in addition to the functions of the client device 8010 provided in the personal authentication system of the first embodiment. The reader device 8310 receives a credit card number and a payment amount by a user operation. The reader device 8310 transmits the credit card number and the payment amount to the dial authentication device 804.

The function of the dial authentication device 804 provided in the personal authentication system of the sixth embodiment is mainly the same as that of the dial authentication device 804 provided in the personal authentication system of the first embodiment. The dial authentication device 804 provided in the personal authentication system of the sixth embodiment has the following functions in addition to the functions of the dial authentication device 804 provided in the personal authentication system of the first embodiment. The dial authentication device 804 of the sixth embodiment processes credit card credit examination and billing. The user management table 80442 of the dial authentication device 804 includes a credit card number (not shown). The credit card number included in the user management table 80442 is a credit card number owned by the user. The user management table 80442 stores in advance the correspondence between credit card numbers and user telephone numbers. Further, the confirmation telephone number correspondence table 80441 of the dial authentication device 804 includes a settlement amount (not shown). The settlement amount included in the confirmation telephone number correspondence table 80441 is an amount to be settled with a credit card.

Next, an outline of processing of the personal authentication method of the sixth embodiment will be described. The sequence diagram of the personal authentication method of the sixth embodiment is mainly the same as FIG. 9 which is the sequence diagram of the personal authentication method of the first embodiment. The reader device 8310 receives a payment amount by a user operation. Also, the card information reading unit 8316 of the reader device 8310 reads the credit card number by the user's card operation. Next, reader apparatus 8310 transmits the read credit card number and the accepted payment amount to dial authentication apparatus 804 (ST80211). Dial authentication apparatus 804 receives the credit card number and the payment amount (ST80212). Next, the dial authentication device 804 selects from the user management table 80442 a record in which the received credit card number matches the credit card number in the user management table 80442. Next, dial authentication apparatus 804 extracts user telephone number 804422 from the selected record (ST80213). Next, dial authentication apparatus 804 selects a confirmation telephone number (ST80214). Next, dial authentication apparatus 804 associates the extracted user telephone number 804422 with the selected confirmation telephone number and the received payment amount, and stores them in confirmation telephone number correspondence table 80441 (ST80215). Next, dial authentication apparatus 804 notifies mobile phone 8060 of the selected confirmation telephone number (ST80216). Mobile phone 8060 transmits a dial including a caller phone number notification to the notified confirmation phone number in response to a user operation (ST80218). Dial authentication apparatus 804 accepts an incoming dial call from mobile phone 8060 (ST80219). Next, the dial authentication device 804 acquires the caller telephone number and the incoming telephone number from the received dial. Next, dial authentication apparatus 804 associates the acquired incoming telephone number with the acquired caller telephone number, and stores them in incoming telephone number correspondence table 80444 (ST80220). On the other hand, reader apparatus 8310 transmits an authentication result request to dial authentication apparatus 804 (ST80221). Dial authentication apparatus 804 receives an authentication result request from reader apparatus 8310 (ST80222). The dial authentication device 804 selects a record related to the authentication result request from the confirmation telephone number correspondence table 80441 based on the connection ID included in the authentication result request. Subsequently, the dial authentication device 804 extracts the confirmation telephone number 804441 and the user telephone number 804413 from the selected record. Next, the dial authentication device 804 matches the extracted confirmation telephone number 804441 with the incoming telephone number 804442 of the incoming telephone number correspondence table 80444, and the extracted user telephone number 804413 and the caller of the incoming telephone number correspondence table 80444 It is determined whether or not a record matching the telephone number 804443 exists in the incoming telephone number correspondence table 80444. If the record does not exist in incoming call number correspondence table 80444, dial authentication apparatus 804 determines that authentication is not possible (ST80223). On the other hand, when the record exists in the incoming telephone number correspondence table 80444, the dial authentication device 804 performs credit examination for the credit card corresponding to the extracted user telephone number. Incidentally, since the dial authentication device 804 includes the credit card number in the user management table 80442, it is easy to specify the credit card corresponding to the user telephone number. The dial authentication device 804 charges the payment amount to the credit card when the credit examination is good. Note that the dial authentication device 804 may request the credit screening process and the billing process from a device dedicated to the credit screening process and the billing process. Upon completion of the billing process, dial authentication apparatus 804 determines that the authentication result can be authenticated (ST80223). Dial authentication apparatus 804 transmits the authentication result to reader apparatus 8310 (ST80224). Reader apparatus 8310 receives the authentication result (ST80225). Then, the reader device 8310 displays the authentication result on the display device.

As described above, in the personal authentication system of the sixth embodiment, the telephone caller telephone number can be used instead of the signature verification in the credit card settlement at the store. In the sixth embodiment, the credit card settlement has been described. However, the settlement means is not limited to a credit card as long as it is a means for settlement after authentication. For example, the settlement means is “Jay Debit” (trademark).

Here, an application example of the sixth embodiment of the present invention will be described. The dial authentication device 804 provided in the personal authentication system of the application example of the sixth embodiment also serves as a device for calculating the utility bill. The dial authentication device 804 calculates utility bills, issues bills, and manages payment status. For example, public charges are telephone charges, mobile phone charges, electricity charges, gas charges, and water charges. The dial authentication device 804 stores the correspondence between the telephone number of the mobile phone 8060 and the identifier of the user who receives the utility bill service in the user management table 80442. The dial authentication device 804 adds the payment amount at the store to the public bill instead of charging the credit card.

(Seventh embodiment)
In the following, an example in which a personal computer and a PDA are connected to an in-house intranet in the personal authentication system of the first embodiment will be described as the personal authentication system of the seventh embodiment. The same code | symbol is used for the location which overlaps with the personal authentication system of 1st Embodiment.

Many companies set up an internal intranet to encourage employees to communicate information while keeping internal information confidential. An employee connects a portable terminal such as a personal computer or a PDA to a company intranet by a communication means such as dial-up or VPN for the purpose of browsing or updating company information from a destination or sending / receiving e-mail. Conventionally, an employee inputs a user ID and a password and connects to an in-house intranet. The user of the personal computer or PDA is authenticated by the personal authentication system of the first embodiment, and can connect the personal computer or PDA to the in-house intranet. In this case, the client device 8010 is a personal computer and a PDA that are to be connected to an in-house intranet. The dial authentication device 804 is a management server that manages an intranet in the company. The employee can connect the client device 8010 to the company intranet by inputting the user's unique information and dialing the mobile phone 8060. A user who wants to connect the client device 8010 to the company intranet cannot connect to the company intranet without both the user's unique information and the mobile phone 8060. As a result, another person who has acquired only the client device 8010 can impersonate the user of the client device 8010 and cannot connect to the in-house intranet. That is, even if the client device 8010 is lost, information leakage can be prevented.

(Eighth embodiment)
The following describes an example in which a thin client device is connected to an in-house server in the personal authentication system of the first embodiment as the personal authentication system of the eighth embodiment. The same code | symbol is used for the location which overlaps with the personal authentication system of 1st Embodiment.

The thin client device is a personal computer having a minimum auxiliary storage device. Companies have introduced a thin client system in order to prevent information leakage due to theft or loss of personal computers. The auxiliary storage device of the thin client device does not store sufficient in-house data and applications. In-house data and applications are stored by the central server. The employee operates the thin client device to connect to the central server, and browses and updates data. Conventionally, the employee inputs at least one of the user ID and the password and connects to the central server. The user of the thin client device is authenticated by the personal authentication system of the second embodiment. Then, the thin client device is connected to the in-house intranet. In this case, the client device 8010 is a thin client device that is to be connected to the central server. The dial authentication device 804 is a management server that manages the connection between the thin client device and the central server. The management server may be the central server itself. The employee can connect the thin client device to the central server by inputting the user's unique information and dialing the mobile phone 8060. A user who intends to connect the thin client device to the central server cannot connect to the central server without the thin client device, the user's unique information, and the mobile phone 8060. As a result, another person who has acquired only the thin client device cannot impersonate the user of the thin client device and connect to the central server. That is, even if the thin client device is lost, information leakage can be prevented.

(Ninth embodiment)
In the following, an example of connecting a personal computer and a PDA to a public wireless LAN in the personal authentication system of the first embodiment will be described as the personal authentication system of the ninth embodiment. The same code | symbol is used for the location which overlaps with the personal authentication system of 1st Embodiment.

Public wireless LANs that connect to the Internet at the destination are widespread. Conventionally, a user of a public wireless LAN inputs a user ID and a password, and connects a portable terminal such as a personal computer and a PDA (PERSONAL DIGITAL ASSISTANCE) to an access point of the public wireless LAN. The public wireless LAN user is authenticated by the personal authentication system of the first embodiment, and can connect the personal computer and the PDA to the access point. In this case, the client device 8010 is a personal computer and a PDA to be connected to the access point. The dial authentication device 804 is a management server that manages connections between personal computers and PDAs and access points. The public wireless LAN user can connect the client device 8010 to the access point by inputting the user's unique information and dialing the mobile phone 8060. A user who wants to connect the client device 8010 to the public wireless LAN cannot connect to the public wireless LAN without both the user's unique information and the mobile phone 8060. Thus, another person who has acquired only the client device 8010 can impersonate the user of the client device 8010 and cannot connect to the public wireless LAN.

It is a figure which shows schematic structure of the personal authentication system of 1st Embodiment. 2 is a block diagram of a configuration of a client device 8010. FIG. 3 is a block diagram of a configuration of a dial authentication device 804. FIG. 3 is a functional block diagram of a dial authentication device 804. FIG. 4 is a configuration diagram of a confirmation telephone number table 80443 stored in an auxiliary storage device 8014 of the dial authentication device 804. FIG. 4 is a configuration diagram of a confirmation telephone number correspondence table 80441 stored in an auxiliary storage device 8014 of a dial authentication device 804. FIG. 4 is a configuration diagram of a user management table 80442 stored in an auxiliary storage device 8014 of the dial authentication device 804. FIG. 4 is a configuration diagram of an incoming telephone number correspondence table 80444 stored in an auxiliary storage device 8014 of the dial authentication device 804. FIG. It is a sequence diagram of a process of the personal authentication method of the first embodiment. It is a schematic block diagram of the personal authentication system of 2nd Embodiment. 4 is a functional block diagram of a dial authentication WEB device 814. FIG. It is a sequence diagram of a process of the personal authentication method of the second embodiment. It is a schematic block diagram of the personal authentication system of 3rd Embodiment. It is a sequence diagram of a process of the personal authentication method of the third embodiment. It is a schematic block diagram of the personal authentication system of 5th Embodiment. 2 is a block diagram of a configuration of ATM 8210. FIG. It is a schematic block diagram of the personal authentication system of 6th Embodiment. 3 is a block diagram of a configuration of a reader device 8310. FIG.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Internet 2 Public switched telephone line network 5 WEB server 8010 Client apparatus 8011 Transmission / reception part 8012 Central processing unit 8013 Main storage unit 8014 Auxiliary storage unit 804 Dial authentication apparatus 80400 Authentication program 8041 Transmission / reception part 8042 Central processing unit 8043 Main storage unit 80431 Main Module 804321 User ID reception module 804322 Authentication result request reception module 80433 User information retrieval module 80434 Confirmation telephone number selection module 80435 Confirmation telephone number transmission module 80436 Dial incoming module 80437 Telephone number reading module 80438 Authentication module 80439 Authentication result transmission module 8044 Auxiliary Storage device 80441 Telephone number correspondence table for confirmation 804441 Confirmation telephone number 804413 User telephone number 80442 User management table 804421 User ID
804422 User telephone number 80443 Confirmation telephone number table 804431 Confirmation telephone number 804432 Assignment flag 80444 Incoming telephone number correspondence table 804442 Incoming telephone number 804443 Caller telephone number 8060 Mobile phone 8080 Fixed telephone 8110 Client apparatus 814 Dial authentication WEB apparatus 81400 Authentication program 81439 Authentication result transmission module 8210 ATM
8211 Transmission / reception unit 8212 Central processing unit 8213 Main storage unit 8214 Auxiliary storage unit 8215 Cash handling unit 8216 Card information reading unit 824 ATM dial authentication unit 8310 Reader unit 8311 Transmission / reception unit 8312 Central processing unit 8313 Main storage unit 8314 Auxiliary storage unit 8316 Card information Reading unit 854 Dial authentication dedicated WEB device 9 Network

Claims (27)

A plurality of client computers having a processor, a memory and an interface, a plurality of telephones for dialing with caller ID notification, and an authentication having a processor, a memory and an interface and connected to the plurality of client computers via a network An authentication system comprising a computer,
The authentication computer is
Storing user management information indicating correspondence between the user's unique information and the telephone number of the telephone owned by the user;
Upon receiving user-specific information from the client computer, the telephone number of the telephone corresponding to the received user-specific information is identified based on the user management information,
From among the phone numbers that can be received by the authentication computer, select a phone number that is not associated with any of the previously identified phone numbers as a confirmation phone number,
Storing the telephone number of the identified telephone and the selected confirmation telephone number in association with each other;
Notify the selected telephone number for confirmation to the telephone,
Receive an incoming dial call from the phone,
Identify the caller's phone number and the incoming phone number from the incoming dial,
Determining whether the correspondence between the identified caller telephone number and the identified incoming telephone number matches the correspondence between the stored telephone number and the confirmation telephone number;
An authentication system, wherein if it is determined that the two correspondences match, it is determined that the client computer that is the transmission source of the unique information of the user is operated by a legitimate user. A plurality of client computers having a processor, a memory and an interface, a plurality of telephones for dialing with caller ID notification, and an authentication having a processor, a memory and an interface and connected to the plurality of client computers via a network An authentication system comprising a computer,
The authentication computer is
Storing user management information indicating correspondence between the user's unique information and the telephone number of the telephone owned by the user;
Upon receiving user-specific information from the client computer, a telephone number that is not associated with any of the previously received user-specific information among telephone numbers that can be received by the authentication computer. Select as number,
Storing the received unique information of the user and the selected confirmation telephone number in association with each other;
Notify the selected telephone number for confirmation to the telephone,
Receive an incoming dial call from the phone,
Identify the caller's phone number and the incoming phone number from the incoming dial,
Based on the user management information, identify user specific information corresponding to the identified caller telephone number,
It is determined whether the correspondence between the specific information of the identified user and the identified incoming telephone number matches the correspondence between the stored unique information of the user and the confirmation telephone number And
An authentication system, wherein if it is determined that the two correspondences match, it is determined that the client computer that is the transmission source of the unique information of the user is operated by a legitimate user. A plurality of client computers having a processor, a memory and an interface, a plurality of telephones for dialing with caller ID notification, and an authentication having a processor, a memory and an interface and connected to the plurality of client computers via a network An authentication system comprising a computer,
The authentication computer is
Storing user management information including correspondence between the user's unique information and the telephone number of the telephone owned by the user;
Upon receiving user-specific information from the client computer, a telephone number that is not associated with any of the previously received user-specific information among telephone numbers that can be received by the authentication computer. Select as number,
Storing the received user-specific information and the selected confirmation telephone number in the confirmation telephone number correspondence information in association with each other;
Notify the selected telephone number for confirmation to the telephone,
Receive an incoming dial call from the phone,
Identify the caller's phone number and the incoming phone number from the incoming dial,
Based on the confirmation telephone number correspondence information, specific information of the user corresponding to the identified incoming telephone number is identified,
A correspondence between the specific information of the identified user and the identified caller telephone number; a correspondence between the unique information of the user included in the user management information and the telephone number of the telephone owned by the user; Determine whether they match,
An authentication system, wherein if it is determined that the two correspondences match, it is determined that the client computer that is the transmission source of the unique information of the user is operated by a legitimate user.   The unique information of the user includes at least one of a user identifier, a personal identification number, a card number owned by the user, and user biometric information. The described authentication system. The authentication computer is
When a predetermined time has elapsed since the confirmation telephone number is stored in association with each other, the association of the confirmation telephone number is canceled,
The authentication system according to any one of claims 1 to 3, wherein the confirmation telephone number for which the association has been canceled is associated again.   The authentication computer notifies the telephone of the selected confirmation telephone number by transmitting a dial originating from the selected telephone number for confirmation to the telephone number of the identified telephone. The authentication system according to claim 1, wherein: The authentication computer is
Based on the user management information, identify the telephone number of the telephone corresponding to the received unique information of the user,
The selected confirmation telephone number is notified to the telephone by dialing the selected confirmation telephone number as a caller to the telephone number of the identified telephone. The authentication system according to claim 2 or 3. The user management information further includes a correspondence between the user's unique information and the telephone address of the telephone owned by the user,
The authentication computer is
Based on the user management information, identify a mail address of the telephone corresponding to the received unique information of the user,
The e-mail including the selected confirmation telephone number is transmitted to the e-mail address of the specified telephone, thereby notifying the telephone of the selected confirmation telephone number. Item 4. The authentication system according to any one of Items 1 to 3.   The authentication computer, when determining that the two correspondences do not match, determines that the client computer that is the transmission source of the unique information of the user is operated by an unauthorized user. The authentication system according to any one of the above. And a WEB computer for transmitting a WEB page to the client computer.
The authentication system according to any one of claims 1 to 3, wherein the authentication computer determines the legitimacy of a user who operates the client computer accessing the WEB computer.   The authentication system according to any one of claims 1 to 3, wherein the client computer is a personal computer, a reader device that reads card information, or an ATM.   The authentication system according to claim 1, wherein the authentication computer is a WEB server. An authentication computer connected to a plurality of client computers via a network and comprising a processor, a memory and an interface,
The processor is
Storing user management information indicating correspondence between the user's unique information and the telephone number of the telephone owned by the user;
Upon receiving user-specific information from the client computer, the telephone number of the telephone corresponding to the received user-specific information is identified based on the user management information,
From among the phone numbers that can be received by the authentication computer, select a phone number that is not associated with any of the previously identified phone numbers as a confirmation phone number,
Storing the telephone number of the identified telephone and the selected confirmation telephone number in association with each other;
Notify the selected telephone number for confirmation to the telephone,
Receive an incoming dial call from the phone,
From the incoming dial, specify the caller phone number and the incoming phone number,
Determining whether the correspondence between the identified caller telephone number and the identified incoming telephone number matches the correspondence between the stored telephone number and the confirmation telephone number;
An authentication computer characterized in that, when it is determined that the two correspondences match, it is determined that the client computer that is the transmission source of the unique information of the user is operated by a legitimate user. An authentication computer connected to a plurality of client computers via a network and comprising a processor, a memory and an interface,
The processor is
Storing user management information indicating correspondence between the user's unique information and the telephone number of the telephone owned by the user;
Upon receiving user-specific information from the client computer, a telephone number that is not associated with any of the previously received user-specific information among telephone numbers that can be received by the authentication computer. Select as number,
Storing the received unique information of the user and the selected confirmation telephone number in association with each other;
Notify the selected telephone number for confirmation to the telephone,
Receive an incoming dial call from the phone,
From the incoming dial, specify the caller phone number and the incoming phone number,
Based on the user management information, identify user specific information corresponding to the identified caller telephone number,
It is determined whether the correspondence between the specific information of the identified user and the identified incoming telephone number matches the correspondence between the stored unique information of the user and the confirmation telephone number And
An authentication computer characterized in that, when it is determined that the two correspondences match, it is determined that the client computer that is the transmission source of the unique information of the user is operated by a legitimate user. An authentication computer connected to a plurality of client computers via a network and comprising a processor, a memory and an interface,
The processor is
Storing user management information including correspondence between the user's unique information and the telephone number of the telephone owned by the user;
Upon receiving user-specific information from the client computer, a telephone number that is not associated with any of the previously received user-specific information among telephone numbers that can be received by the authentication computer. Select as number,
Storing the received user-specific information and the selected confirmation telephone number in the confirmation telephone number correspondence information in association with each other;
Notify the selected telephone number for confirmation to the telephone,
Receive an incoming dial call from the phone,
From the incoming dial, specify the caller phone number and the incoming phone number,
Based on the confirmation telephone number correspondence information, the user specific information corresponding to the identified incoming telephone number is identified,
Correspondence between the specific information of the identified user and the identified caller telephone number, and correspondence between the unique information of the user included in the user management information and the telephone number of the telephone owned by the user Determine whether they match,
An authentication computer characterized in that, when it is determined that the two correspondences match, it is determined that the client computer that is the transmission source of the unique information of the user is operated by a legitimate user.   The unique information of the user includes at least one of a user identifier, a personal identification number, a card number owned by the user, and user biometric information. The listed authentication calculator. The processor is
When a predetermined time has elapsed since the confirmation telephone number is stored in association with each other, the association of the confirmation telephone number is canceled,
The authentication computer according to any one of claims 13 to 15, wherein the confirmation telephone number for which the association has been canceled is associated again.   The processor notifies the telephone of the selected confirmation telephone number by dialing the telephone number of the identified telephone from the selected telephone number for confirmation. The authentication computer according to claim 13. The processor is
Based on the user management information, identify the telephone number of the telephone corresponding to the received unique information of the user,
The selected confirmation telephone number is notified to the telephone by dialing the selected confirmation telephone number as a caller to the telephone number of the identified telephone. The authentication computer according to claim 14 or 15. The user management information further includes a correspondence between the unique information of the user and the mail address of the telephone owned by the user,
The processor is
Based on the user management information, identify a mail address of the telephone corresponding to the received unique information of the user,
The e-mail including the selected confirmation telephone number is transmitted to the e-mail address of the specified telephone, thereby notifying the telephone of the selected confirmation telephone number. Item 16. The authentication computer according to any one of Items 13 to 15.   The processor according to any one of claims 13 to 15, wherein if the processor determines that the two correspondences do not match, the processor determines that the client computer that is the transmission source of the unique information of the user is operated by an unauthorized user. The authentication computer according to any one of the above. And connected to a WEB computer that transmits a WEB page to the client computer,
16. The authentication computer according to claim 13, wherein the processor determines the validity of a user who operates the client computer that accesses the WEB computer.   16. The authentication computer according to claim 13, wherein the client computer is a personal computer, a reader device that reads card information, or an ATM.   The authentication computer according to any one of claims 13 to 15, wherein the authentication computer is a WEB server. A program connected to a plurality of client computers via a network and executed by an authentication computer having a processor, a memory and an interface,
Storing user management information indicating correspondence between the user's unique information and the telephone number of the telephone owned by the user;
When receiving user-specific information from the client computer, based on the user management information, identifying a telephone number of a telephone corresponding to the received user-specific information;
Selecting a telephone number that is not associated with any of the telephone numbers of the previously identified telephones among the telephone numbers that can be received by the authentication computer as a confirmation telephone number;
Storing the telephone number of the identified telephone and the selected confirmation telephone number in association with each other;
Notifying the telephone of the selected confirmation phone number;
Receiving a dial incoming call from the telephone;
Identifying a caller telephone number and an incoming telephone number from the incoming dial;
Determining whether or not the correspondence between the identified caller telephone number and the identified incoming telephone number matches the correspondence between the stored telephone number and the confirmation telephone number When,
And a step of determining that a client computer, which is a transmission source of the user's unique information, is operated by a legitimate user when it is determined that the two correspondences match. A program connected to a plurality of client computers via a network and executed by an authentication computer having a processor, a memory and an interface,
Storing user management information indicating correspondence between the user's unique information and the telephone number of the telephone owned by the user;
Upon receiving user-specific information from the client computer, a telephone number that is not associated with any of the previously received user-specific information among telephone numbers that can be received by the authentication computer. Selecting as a number;
Storing the received unique information of the user and the selected confirmation telephone number in association with each other;
Notifying the telephone of the selected confirmation phone number;
Receiving a dial incoming call from the telephone;
Identifying a caller telephone number and an incoming telephone number from the incoming dial;
Identifying specific information of the user corresponding to the identified caller telephone number based on the user management information;
It is determined whether the correspondence between the specific information of the identified user and the identified incoming telephone number matches the correspondence between the stored unique information of the user and the confirmation telephone number And steps to
And a step of determining that a client computer, which is a transmission source of the user's unique information, is operated by a legitimate user when it is determined that the two correspondences match. A program connected to a plurality of client computers via a network and executed by an authentication computer having a processor, a memory and an interface,
Storing user management information including correspondence between the user's unique information and the telephone number of the telephone owned by the user;
Upon receiving user-specific information from the client computer, a telephone number that is not associated with any of the previously received user-specific information among telephone numbers that can be received by the authentication computer. Selecting as a number;
Storing the received unique information of the user and the selected confirmation telephone number in the confirmation telephone number correspondence information in association with each other;
Notifying the telephone of the selected confirmation phone number;
Receiving a dial incoming call from the telephone;
Identifying a caller telephone number and an incoming telephone number from the incoming dial;
Identifying specific information of the user corresponding to the identified incoming telephone number based on the confirmation telephone number correspondence information;
Whether the correspondence between the specific information of the identified user and the identified caller telephone number matches the correspondence between the unique information of the user included in the user management information and the telephone number of the telephone Determining whether or not
And a step of determining that a client computer, which is a transmission source of the user's unique information, is operated by a legitimate user when it is determined that the two correspondences match.

Images